One document matched: draft-gellens-on-demand-00.txt
Internet Draft: On-Demand Mail Relay R. Gellens
Document: draft-gellens-on-demand-00.txt QUALCOMM, Inc.
Expires: 5 May 1998 5 November, 1997
On-Demand Mail Relay
Status of this Memo:
This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute
working documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six
months. Internet Drafts may be updated, replaced, or obsoleted by
other documents at any time. It is not appropriate to use Internet
Drafts as reference material or to cite them other than as a
"working draft" or "work in progress."
To learn the current status of any Internet Draft, please check the
"1id-abstracts.txt" listing contained in the Internet Drafts shadow
directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).
A version of this draft document is intended for submission to the
RFC editor as a Proposed Standard for the Internet Community.
Discussion and suggestions for improvement are requested. Please
send comments to the IETF Disconnected SMTP mailing list,
<ietf-disconn-smtp@imc.org>. To subscribe, send a message
containing SUBSCRIBE to <ietf-disconn-smtp-request@imc.org>.
This document will expire before the end of May 1998. Distribution
of this draft is unlimited.
The file name of this version is draft-gellens-on-demand-00.txt
Introduction
With the spread of low-cost computer systems and Internet
connectivity, the demand for local mail servers had been rising.
Many people now want to operate a mail server on a system which has
only an intermittent connection to a service provider. If the
system has a static IP address, the [ESMTP] [ETRN] command can be
Gellens Expires May 1998 [Page 1]
Internet Draft On-Demand Mail Relay November 1997
used. However, systems with dynamic IP addresses (which are very
common with low-cost connections) have no good solution.
This memo proposes a new service, On-Demand Mail Relay, which is a
profile of [ESMTP], providing for a secure, extensible, easy to
implement approach to the problem.
1. Conventions Used in this Document
Because the client and server roles reverse during the session, to
avoid confusion, the terms "customer" and "provider" will be used
in place of "client" and "server", although of course this protocol
may be useful in cases other than commercial service providers and
customers.
In examples, "P:" is used to indicate lines sent by the provider,
and "C:" indicates those sent by the customer. Line breaks within
a command are for editorial purposes only.
The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
in this document are to be interpreted as defined in [KEYWORDS].
2. Description
On-Demand Mail Relay is a restricted profile of SMTP which runs on
port xxxx. The initial client and server roles are short-lived, as
the point is to allow the intermittently-connected host to request
mail held for it by a service provider.
The customer initiates a connection to the provider, authenticates,
and requests its mail. The roles of client and server then
reverse, and normal [ESMTP] proceeds.
The provider has an On-Demand Mail Relay process listening for
connections on port xxxx. This process does not need to be a full
SMTP server. It does need to be an SMTP client with access to the
outgoing mail queues, and as a server implement the EHLO, AUTH,
TURN, and QUIT commands.
An MTA normally has a mail client component which processes the
outgoing mail queues, attempting to send mail for particular
domains, based on time or event (such as new mail being placed in
the queue, or receipt of an ETRN command by the SMTP server
component). The On-Demand Mail Relay service processes the
outgoing queue not on a timer or new mail creation, but on request.
Gellens Expires May 1998 [Page 2]
Internet Draft On-Demand Mail Relay November 1997
3. States
The On-Demand Mail Relay service has three states: an initial
state, an authenticated state, and a reversed state. The state
progression is illustrated in the following diagram:
---------------------------
! initial state !
---------------------------
! !
QUIT AUTH
! !
! V
! -----------------------
! ! authenticated state !
! -----------------------
! ! !
! QUIT TURN
! ! !
! ! V
! ! ------------------
! ! ! reversed state !
! ! ------------------
! ! !
! ! QUIT
! ! !
V V V
---------------------
! termination !
---------------------
3.1. Initial State
In the initial state, the provider is the server and the customer
is the client. Three commands are valid: EHLO, AUTH, and QUIT.
3.1.1. EHLO
The EHLO command is the same as in [ESMTP]. The response must
include AUTH and TURN.
3.1.2. AUTH
AUTH is specified in [AUTH]. The AUTH command uses a [SASL]
mechanism to authenticate the session. The session is not
considered authenticated until a success response to AUTH has been
sent.
Gellens Expires May 1998 [Page 3]
Internet Draft On-Demand Mail Relay November 1997
For interoperability, implementations MUST support the CRAM-MD5
mechanism. Other SASL mechanisms may be supported. A site may
disable CRAM-MD5 support if it uses more secure methods. The
EXTERNAL mechanism might be useful in some cases, for example, if
the provider has already authenticated the client, such as during a
PPP connection.
3.1.3. QUIT
The QUIT command is the same as in [SMTP].
3.2. Authenticated State
The authenticated state is entered after a successful AUTH command.
Two commands are valid in the authenticated state: TURN and QUIT.
3.2.1. TURN
Unlike the TURN command in [SMTP], here the TURN command takes one
or more domains as a parameter. The TURN command MUST be rejected
if the session has not been authenticated. Response code 503
should be used for this. The timeout for this command MUST be at
least 15 minutes to allow the provider time to process its mail
queue. If the authentication used by the customer does not provide
access to any of the domains specified in TURN, the provider MUST
NOT send mail for those domains to the customer. The provider MUST
reject the TURN command with a 450 code. If the customer does have
access to all of the specified domains, but none of them have any
queued mail, the provider also rejects the TURN with 450. If
[SMTP-CODES] is used according to [CODES-EXTENSION], the provider
MUST NOT distinguish between these cases. If the customer has
access to all of the specified domains and mail exists in at least
one of them, the provider issues a 250 success code.
ABNF for TURN:
turn ::= "TURN" domain *("," domain)
domain ::= sub-domain 1*("." sub-domain)
sub-domain ::= letter-digit *(ldh-str)
letter-digit ::= alpha / digit
ldh-str ::= *(alpha / digit / "-") letter-digit
alpha ::= <ASCII character in the range 65 ("A")
through 90 ("Z"), or 97 ("a") through
122 ("z")>
digit ::= <ASCII character in the range 48 ("0")
Gellens Expires May 1998 [Page 4]
Internet Draft On-Demand Mail Relay November 1997
through 57 ("9")>
3.3. Reversed State
After the provider has sent a success reply to the TURN command,
the roles reverse, and the customer becomes the server, and the
provider becomes the client. At this point normal [ESMTP] commands
are used. Typically the provider sends MAIL FROM immediately
following the success response to TURN.
3.4. Other Commands
The provider SHOULD reject all commands other than EHLO, AUTH,
TURN, and QUIT with response code 502.
4. Example On-Demand Mail Relay Session:
P: 220 ISP.NET on-demand mail relay server ready
C: EHLO foobar.net
P: 250-AUTH=CRAM-MD5 Kerberos-v5
P: 250 TURN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as foobar.net
C: TURN foobar.net, vanity.com
P: 250 [9876foo] OK now reversing the connection
P: MAIL FROM: <Lester.Tester@dot.foo.org>
C: 250 OK
P: RCPT TO: <l.eva.msg@vanity.com>
C: 250 OK, recipient accepted
...
P: QUIT
C: 221 foobar.net closing connection
5. Alternative Approaches
A number of alternative approaches were considered:
5.1. ETRN, ETRN extension, ETRN-like command
ETRN is a very workable solution for intermittently-connected MTAs
which have a static IP address.
For MTAs with a dynamic address, we need to distinguish a normal
ETRN (which should use the DNS) from a dynamic ETRN (which would
normally use the IP address that the client is presently on).
Gellens Expires May 1998 [Page 5]
Internet Draft On-Demand Mail Relay November 1997
Several possible solutions to this problem were considered:
1. A new command (DTRN)
2. A optional parameter to ETRN:
ETRN [192.168.15.2:8025] foobar.net
The presence of an IP address in square brackets would serve to
indicate that this is an ETRN for use with an
intermittently-connected host, and also allow the host to request
use of a port other than 25.
It would also clue the server that it should reject the command
unless the client was authenticated.
Because the ETRN syntax does not allow for an optional parameter
(other than a single-character flag), and because there needs to be
a way for the provider to advertise support for the dynamic ETRN
capability, the new command seems the better approach.
Because the provider responds to ETRN by opening a new connection
back to the customer, there is a potential timing hole: the
customer could get disconnected, and another customer, which also
runs an MTA, could connect at just the right time and be assigned
the IP address previously used by the customer which issued the
ETRN.
Several potential solutions to this problem were considered:
1. The provider opens the new connection to the customer before
responding to DTRN. This allows it to verify that it reached the
correct IP address, and that the customer is still connected on the
first connection:
P: 220 ISP.NET mail server ready
C: EHLO foobar.net
P: 250-AUTH=CRAM-MD5 Kerberos-v5
P: 250 DTRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as foobar.net
C: DTRN foobar.net
...
C: 250 foobar.net mail server ready
P: EHLO ISP.COM
C: 250 OK
P: MAIL FROM...
...
P: 250 [9876foo] OK new connection opened
Gellens Expires May 1998 [Page 6]
Internet Draft On-Demand Mail Relay November 1997
Drawbacks: constrains the amount of time in which the provider must
process its queue (to avoid timeout on DTRN). Delays additional
activity on the first connection. Requires the provider to be
immediately aware if the first connection closes. Requires the
provider to coordinate activity and state on two connections, which
is difficult in some implementations.
Advantage: simple.
2. Turn the connection (with a new command, since TURN is
deprecated and not supported by most MTAs):
P: 220 ISP.NET mail server ready
C: EHLO foobar.net
P: 250-AUTH=CRAM-MD5 Kerberos-v5
P: 250 RTRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as foobar.net
C: RTRN foobar.net
P: 250 [9876foo] OK now reversing the connection
P: MAIL FROM
Drawbacks: requires customer's server to open an additional
connection if it has mail to send and wants to send and receive at
the same time; architecturally difficult in many server
implementations; requires provider's mail server to be able to
process queue within reasonable time period (to avoid timeout on
RTRN).
Advantages: very simple design, few additional round-trips.
3. The provider responds to DTRN with a key (a random number) that
the customer returns in the EHLO response or the greeting when the
new connection is opened:
P: 220 ISP.NET mail server ready
C: EHLO foobar.net
P: 250-AUTH=CRAM-MD5 Kerberos-v5
P: 250 DTRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as foobar.net
C: DTRN foobar.net
P: 250 [9876foo] OK will open new connection
...
C: 220 foobar.net mail server ready
P: EHLO ISP.COM
C: 250 DTRN ID [9876foo]
P: MAIL FROM
Gellens Expires May 1998 [Page 7]
Internet Draft On-Demand Mail Relay November 1997
Drawbacks: requires customer's server to maintain state between the
ISP connection and the new connection.
Advantages: simple, few additional round-trips.
4. The customer includes in DTRN a key (a random number) that the
provider sends in a new command when the new connection is opened:
P: 220 ISP.NET mail server ready
C: EHLO foobar.net
P: 250-AUTH=CRAM-MD5 Kerberos-v5
P: 250 DTRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 OK now authenticated as foobar.net
C: DTRN foobar.net "9876foo"
P: 250 OK will open new connection
...
C: 220 foobar.net mail server ready
P: DTRNID "9876foo"
C: 250 OK Please send me my mail
P: MAIL FROM
Drawbacks: the provider has no assurance it reached the correct
system; any system could respond to DTRNID (with any key) with an
OK.
5. Require a new authentication for the new connection:
P: 220 ISP.NET mail server ready
C: EHLO foobar.net
P: 250-AUTH=CRAM-MD5 Kerberos-v5
P: 250 DTRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as foobar.net
C: DTRN foobar.net
P: 250 OK will open new connection
...
C: 220 foobar.net mail server ready
P: EHLO ISP.COM
C: 250 AUTH=CRAM-MD5 Kerberos-v5
P: AUTH CRAM-MD5
C: 334 MTg5Ni42OTcxNzA2ODNAZm9vYmFyLm5ldAo=
P: ISP.COM a872b304a4bcd3b587a2bcd938473849
C: 235 ISP.COM verified, please send me my mail
The second authentication could use the same shared secret as the
first, to make things simpler.
Drawbacks: while the customer can now trust the provider, the
provider has no assurance it reached the correct system; any system
could respond to AUTH (with any ID and secret) with an OK.
Gellens Expires May 1998 [Page 8]
Internet Draft On-Demand Mail Relay November 1997
6. Require a reverse authentication (a challenge) for the new
connection:
P: 220 ISP.NET mail server ready
C: EHLO foobar.net
P: 250-AUTH=CRAM-MD5 Kerberos-v5
P: 250 DTRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as foobar.net
C: DTRN foobar.net
P: 250 OK will open new connection
...
C: 220 foobar.net mail server ready
P: EHLO ISP.COM
C: 250 CHAL=CRAM-MD5 Kerberos-v5
P: CHAL CRAM-MD5 <1896.697170683@foobar.net>
C: 250 SVNQLkNPTSBhODcyYjMwNGE0YmNkM2I1ODdhMmJjZDkzODQ3Mzg0OQo=
P: MAIL FROM
Drawbacks: requires a total of three new commands (AUTH, DTRN, and
CHAL). The customer is potentially sending its ID and the
challenge result to anybody who connects, which makes the
customer's secret susceptible to an offline dictionary attack,
without the need of intercepting any traffic (better authentication
mechanisms could be deployed which would avoid this problem; also,
the customer can check the IP address to ensure it is within the
provider's network; the customer could also require that the
provider's server authenticate before issuing the CHAL). The CHAL
command is a bit strange.
Advantages: the same authentication code and database can be used
for both AUTH and CHAL. The provider is assured it is talking to
the correct system. The first authentication (before the DTRN)
could be made optional.
7. The On-Demand Mail Relay service, as proposed here.
Drawbacks: requires customer's server to open an additional
connection if it has mail to send and wants to send and receive at
the same time; requires provider's process to be able to process
queue within reasonable time period (to avoid timeout on TURN).
Advantages: avoids the architectural difficulty of TURN on port 25,
since the on-demand relay server does not need to be a full mail
server, but instead essentially an SMTP client which accepts a few
specific commands; few additional round-trips.
The method proposed in this memo (the On-Demand Mail Relay service)
seems to offer the best trade-offs among security, extensibility,
simplicity, and deployability of the alternatives explored.
Gellens Expires May 1998 [Page 9]
Internet Draft On-Demand Mail Relay November 1997
6. Security Considerations
Because access to the On-Demand Mail Relay server is only useful
with a prior arrangement between the parties (so the provider is
the target of MX records for the customer's domains and thus has
mail to relay), it may be useful for the provider to restrict
access to the On-Demand Mail Relay port. For example, a TCP
wrapper or firewall could be used to block access to port xxxx
except within the provider's network. This might be useful when
the provider is the customer's ISP. Use of such mechanisms does
not reduce the need for the AUTH command, however, but can increase
the security it provides.
Use of SASL in the AUTH command allows for substitution of more
secure authentication mechanisms in the future.
See sections 3.1.2. and 3.2.1. for additional security details.
7. Acknowledgments
This draft has been developed in part based on comments and
discussions which took place on and off the IETF-disconn-smtp
mailing list.
8. References
[ESMTP] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extensions", RFC 1869, STD 10, November
1995, <ftp://ds.internic.net/rfc/rfc1869.txt>
[ETRN] De Winter, J., "SMTP Service Extension for Remote Message
Queue Starting", RFC 1985, August 1996,
<ftp://ds.internic.net/rfc/rfc1985.txt>
[KEYWORDS] Bradner, "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997,
<ftp://ds.internic.net/rfc/rfc2119.txt>
[SASL] Myers, J., "Simple Authentication and Security Layer
(SASL)", (work in progress),
<ftp://ftp.isi.edu/internet-drafts/draft-myers-auth-sasl-12.txt>
[AUTH] Myers, J., "SMTP Service Extension for Authentication",
(work in progress),
<ftp://ftp.isi.edu/internet-drafts/draft-myers-smtp-auth-08.txt>
Gellens Expires May 1998 [Page 10]
Internet Draft On-Demand Mail Relay November 1997
[SMTP] J. Postel, "Simple Mail Transfer Protocol", RFC 821, STD
10, August 1982, <ftp://ds.internic.net/rfc/rfc821.txt>
[CODES-EXTENSION] Freed, N., "SMTP Service Extension for Returning
Enhanced Error Codes", RFC 2034, October 1996,
<ftp://ds.internic.net/rfc/rfc2034.txt>
[SMTP-CODES] Vaudreuil, G., "Enhanced Mail System Status Codes",
RFC 1893, January 1996, <ftp://ds.internic.net/rfc/rfc1893.txt>
9. Author's Address
Randall Gellens +1.619.651.5115
Qualcomm, Inc. +1.619.651.5334 (fax)
6455 Lusk Blvd. Randy@Qualcomm.Com
San Diego, CA 92121-2779
U.S.A.
Gellens Expires May 1998 [Page 11]
| PAFTECH AB 2003-2026 | 2026-04-23 23:43:13 |