One document matched: draft-gellens-on-demand-02.txt
Differences from draft-gellens-on-demand-01.txt
On-Demand Mail Relay
Status of this Memo:
This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute
working documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six
months. Internet Drafts may be updated, replaced, or obsoleted by
other documents at any time. It is not appropriate to use Internet
Drafts as reference material or to cite them other than as a
"working draft" or "work in progress."
To learn the current status of any Internet Draft, please check the
"1id-abstracts.txt" listing contained in the Internet Drafts shadow
directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).
A version of this draft document is intended for submission to the
RFC editor as a Proposed Standard for the Internet Community.
Discussion and suggestions for improvement are requested. Please
send comments to the IETF Disconnected SMTP mailing list,
<ietf-disconn-smtp@imc.org>. To subscribe, send a message
containing SUBSCRIBE to <ietf-disconn-smtp-request@imc.org>.
Copyright Notice
Copyright (C) The Internet Society 1998. All Rights Reserved.
Introduction
With the spread of low-cost computer systems and Internet
connectivity, the demand for local mail servers had been rising.
Many people now want to operate a mail server on a system which has
only an intermittent connection to a service provider. If the
system has a static IP address, the [ESMTP] [ETRN] command can be
used. However, systems with dynamic IP addresses (which are very
common with low-cost connections) have no good solution.
Gellens Expires September 1998 [Page 1]
Internet Draft On-Demand Mail Relay March 1998
This memo proposes a new service, On-Demand Mail Relay, which is a
profile of [ESMTP], providing for a secure, extensible, easy to
implement approach to the problem.
1. Conventions Used in this Document
Because the client and server roles reverse during the session, to
avoid confusion, the terms "customer" and "provider" will be used
in place of "client" and "server", although of course this protocol
may be useful in cases other than commercial service providers and
customers.
In examples, "P:" is used to indicate lines sent by the provider,
and "C:" indicates those sent by the customer. Line breaks within
a command are for editorial purposes only.
The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
in this document are to be interpreted as defined in [KEYWORDS].
2. Description
On-Demand Mail Relay is a restricted profile of SMTP which runs on
port xxxx. The initial client and server roles are short-lived, as
the point is to allow the intermittently-connected host to request
mail held for it by a service provider.
The customer initiates a connection to the provider, authenticates,
and requests its mail. The roles of client and server then
reverse, and normal [ESMTP] proceeds.
The provider has an On-Demand Mail Relay process listening for
connections on port xxxx. This process does not need to be a full
SMTP server. It does need to be an SMTP client with access to the
outgoing mail queues, and as a server implement the EHLO, AUTH,
ATRN, and QUIT commands.
An MTA normally has a mail client component which processes the
outgoing mail queues, attempting to send mail for particular
domains, based on time or event (such as new mail being placed in
the queue, or receipt of an ETRN command by the SMTP server
component). The On-Demand Mail Relay service processes the
outgoing queue not on a timer or new mail creation, but on request.
3. States
The On-Demand Mail Relay service has three states: an initial
state, an authenticated state, and a reversed state. The state
progression is illustrated in the following diagram:
Gellens Expires September 1998 [Page 2]
Internet Draft On-Demand Mail Relay March 1998
---------------------------
! initial state !
---------------------------
! !
QUIT AUTH
! !
! V
! -----------------------
! ! authenticated state !
! -----------------------
! ! !
! QUIT ATRN
! ! !
! ! V
! ! ------------------
! ! ! reversed state !
! ! ------------------
! ! !
! ! QUIT
! ! !
V V V
---------------------
! termination !
---------------------
3.1. Initial State
In the initial state, the provider is the server and the customer
is the client. Three commands are valid: EHLO, AUTH, and QUIT.
3.1.1. EHLO
The EHLO command is the same as in [ESMTP]. The response must
include AUTH and ATRN.
3.1.2. AUTH
The AUTH command is specified in [AUTH]. The AUTH command uses a
[SASL] mechanism to authenticate the session. The session is not
considered authenticated until a success response to AUTH has been
sent.
For interoperability, implementations MUST support the CRAM-MD5
mechanism [CRAM]. Other SASL mechanisms may be supported. A site
MAY disable CRAM-MD5 support if it uses more secure methods. The
EXTERNAL mechanism [SASL] might be useful in some cases, for
example, if the provider has already authenticated the client, such
as during a PPP connection.
Gellens Expires September 1998 [Page 3]
Internet Draft On-Demand Mail Relay March 1998
3.1.3. QUIT
The QUIT command is the same as in [SMTP].
3.2. Authenticated State
The authenticated state is entered after a successful AUTH command.
Two commands are valid in the authenticated state: ATRN and QUIT.
3.2.1. ATRN (Authenticated TURN)
Unlike the TURN command in [SMTP], the ATRN command optionally
takes one or more domains as a parameter. The ATRN command MUST be
rejected if the session has not been authenticated. Response code
503 should be used for this. The timeout for this command MUST be
at least 15 minutes to allow the provider time to process its mail
queue. An ATRN command sent with no domains is equivalent to an
ATRN command specifying all domains to which the customer has
access. If the authentication used by the customer does not
provide access to any of the domains specified in ATRN, the
provider MUST NOT send mail for those domains to the customer; the
provider MUST reject the ATRN command with a 450 code. If the
customer does have access to all of the specified domains, but none
of them have any queued mail, the provider also rejects the ATRN
with 450. If [SMTP-CODES] is used according to [CODES-EXTENSION],
the provider MUST NOT distinguish between these cases. If the
customer has access to all of the specified domains and mail exists
in at least one of them, the provider issues a 250 success code.
ABNF for ATRN:
atrn ::= "ATRN" [domain *("," domain)]
domain ::= sub-domain 1*("." sub-domain)
sub-domain ::= (ALPHA / DIGIT) *(ldh-str)
ldh-str ::= *(ALPHA / DIGIT / "-") (ALPHA / DIGIT)
3.3. Reversed State
After the provider has sent a success reply to the ATRN command,
the roles reverse, and the customer becomes the server, and the
provider becomes the client. At this point normal [ESMTP] commands
are used. Typically the provider sends MAIL FROM immediately
following the success response to ATRN.
Gellens Expires September 1998 [Page 4]
Internet Draft On-Demand Mail Relay March 1998
3.4. Other Commands
The provider SHOULD reject all commands other than EHLO, AUTH,
ATRN, and QUIT with response code 502.
4. Example On-Demand Mail Relay Session:
P: 220 ISP.NET on-demand mail relay server ready
C: EHLO foobar.net
P: 250-AUTH CRAM-MD5 Kerberos-v5
P: 250 ATRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as foobar.net
C: ATRN foobar.net, vanity.com
P: 250 OK now reversing the connection
P: MAIL FROM: <Lester.Tester@dot.foo.org>
C: 250 OK
P: RCPT TO: <l.eva.msg@vanity.com>
C: 250 OK, recipient accepted
...
P: QUIT
C: 221 foobar.net closing connection
5. Security Considerations
Because access to the On-Demand Mail Relay server is only useful
with a prior arrangement between the parties (so the provider is
the target of MX records for the customer's domains and thus has
mail to relay), it may be useful for the provider to restrict
access to the On-Demand Mail Relay port. For example, a TCP
wrapper or firewall could be used to block access to port xxxx
except within the provider's network. This might be useful when
the provider is the customer's ISP. Use of such mechanisms does
not reduce the need for the AUTH command, however, but can increase
the security it provides.
Use of SASL in the AUTH command allows for substitution of more
secure authentication mechanisms in the future.
See sections 3.1.2 and 3.2.1 for additional security details.
6. Acknowledgments
This draft has been developed in part based on comments and
discussions which took place on and off the IETF-disconn-smtp
mailing list.
Gellens Expires September 1998 [Page 5]
Internet Draft On-Demand Mail Relay March 1998
7. References
[ESMTP] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extensions", RFC 1869, STD 10, November
1995, <ftp://ds.internic.net/rfc/rfc1869.txt>
[ETRN] De Winter, J., "SMTP Service Extension for Remote Message
Queue Starting", RFC 1985, August 1996,
<ftp://ds.internic.net/rfc/rfc1985.txt>
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997,
<ftp://ds.internic.net/rfc/rfc2119.txt>
[SASL] Myers, J., "Simple Authentication and Security Layer
(SASL)", RFC 2222, October 1997,
<ftp://ds.internic.net/rfc/rfc2222.txt>
[CRAM] Klensin, J., Catoe, R., Krumviede, P. "IMAP/POP AUTHorize
Extension for Simple Challenge/Response", RFC 2195, September 1997,
<ftp://ds.internic.net/rfc/rfc2195.txt>
[AUTH] Myers, J., "SMTP Service Extension for Authentication",
(work in progress),
<ftp://ftp.isi.edu/internet-drafts/draft-myers-smtp-auth-11.txt>
[SMTP] J. Postel, "Simple Mail Transfer Protocol", RFC 821, STD
10, August 1982, <ftp://ds.internic.net/rfc/rfc821.txt>
[CODES-EXTENSION] Freed, N., "SMTP Service Extension for Returning
Enhanced Error Codes", RFC 2034, October 1996,
<ftp://ds.internic.net/rfc/rfc2034.txt>
[SMTP-CODES] Vaudreuil, G., "Enhanced Mail System Status Codes",
RFC 1893, January 1996, <ftp://ds.internic.net/rfc/rfc1893.txt>
8. Full Copyright Statement
Copyright (C) The Internet Society 1998. All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain
it or assist in its implmentation may be prepared, copied,
published and distributed, in whole or in part, without restriction
of any kind, provided that the above copyright notice and this
paragraph are included on all such copies and derivative works.
However, this document itself may not be modified in any way, such
as by removing the copyright notice or references to the Internet
Society or other Internet organizations, except as needed for the
purpose of developing Internet standards in which case the
procedures for copyrights defined in the Internet Standards process
Gellens Expires September 1998 [Page 6]
Internet Draft On-Demand Mail Relay March 1998
must be followed, or as required to translate it into languages
other than English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on
an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
9. Author's Address
Randall Gellens +1.619.651.5115
Qualcomm, Inc. +1.619.651.5334 (fax)
6455 Lusk Blvd. Randy@Qualcomm.Com
San Diego, CA 92121-2779
U.S.A.
Gellens Expires September 1998 [Page 7]
| PAFTECH AB 2003-2026 | 2026-04-23 17:03:12 |