Outgoing mail SMTP server
An email client needs to know the IP address of its initial SMTP server and this has to be given as part of its configuration (usually given as a DNS name). This server will deliver outgoing messages on behalf of the user.
Outgoing mail server access restrictions
Server administrators need to impose some control on which clients can use the server. This enables them to deal with abuse, for example spam. Two solutions have been in common use:
· In the past, many systems imposed usage restrictions by the location of the client, only permitting usage by clients whose IP address is one that the server administrators control. Usage from any other client IP address is disallowed.
· Modern SMTP servers typically offer an alternative system that requires authentication of clients by credentials before allowing access.
Restricting access by location
Under this system, an ISP's SMTP server will not allow access by users who are outside the ISP's network. More precisely, the server may only allow access to users with an IP address provided by the ISP, which is equivalent to requiring that they are connected to the Internet using that same ISP.
A mobile user may often be on a network other than that of their normal ISP, and will then find that sending email fails because the configured SMTP server choice is no longer accessible.
This system has several variations. For example, an organisation's SMTP server may only provide service to users on the same network, enforcing this by firewalling to block access by users on the wider Internet. Or the server may perform range checks on the client's IP address.
These methods were typically used by corporations and institutions such as universities which provided an SMTP server for outbound mail only for use internally within the organisation. However, most of these bodies now use client authentication methods, as described below.
Where a user is mobile, and may use different ISPs to connect to the internet, this kind of usage restriction is onerous, and altering the configured outbound email SMTP server address is impractical. It is highly desirable to be able to use email client configuration information that does not need to change.
Client authentication
Modern SMTP servers typically require authentication of clients by credentials before allowing access, rather than restricting access by location as described earlier. This more flexible system is friendly to mobile users and allows them to have a fixed choice of configured outbound SMTP server. SMTP Authentication, often abbreviated SMTP AUTH, is an extension of SMTP that lets a client log in using an authentication mechanism.
Open relay
A server that is accessible on the wider Internet and does not enforce these kinds of access restrictions is known as an open relay. This is now generally considered a bad practice worthy of blacklisting.
Ports
Communication between mail servers generally uses the standard TCP port 25 designated for SMTP.
Mail clients however generally don't use this, instead using specific "submission" ports. Mail services generally accept email submission from clients on one of:
Port 2525 and others may be used by some individual providers, but have never been officially supported.
Most Internet service providers now block all outgoing port 25 traffic from their customers as an anti-spam measure.[19] For the same reason, businesses will typically configure their firewall to only allow outgoing port 25 traffic from their designated mail servers.
SMTP transport example
A typical example of sending a message via SMTP to two mailboxes (alice and theboss) located in the same mail domain (example.com or localhost.com) is reproduced in the following session exchange. (In this example, the conversation parts are prefixed with S: and C:, for server and client, respectively; these labels are not part of the exchange.)
After the message sender (SMTP client) establishes a reliable communications channel to the message receiver (SMTP server), the session is opened with a greeting by the server, usually containing its fully qualified domain name (FQDN), in this case smtp.example.com. The client initiates its dialog by responding with a HELO command identifying itself in the command's parameter with its FQDN (or an address literal if none is available).
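To tie the access-restriction sections above to the session described here, the following added example (not code from the original article) is a toy SMTP command handler that accepts delivery to alice and theboss at example.com from any client but refuses to relay to other domains unless the client either sits inside a constructed trusted network (192.0.2.0/24, standing in for "the ISP's own addresses") or has completed SMTP AUTH. The AUTH form "AUTH PLAIN <user> <password>" is a simplified stand-in for the real base64 SASL exchange, and all addresses, hostnames and credentials are constructed.

```python
import ipaddress

# Constructed policy data for the example; none of this is real infrastructure.
LOCAL_DOMAINS = {"example.com"}                        # mailboxes this server hosts
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # "our ISP's" client range
USERS = {"alice": "s3cret-example"}                    # SMTP AUTH credentials


class SmtpSubmissionPolicy:
    """Minimal SMTP command handler whose only job is the relay decision.

    Local delivery is always accepted. Relaying elsewhere needs a client address
    inside TRUSTED_NETS (restriction by location) or a successful AUTH (client
    authentication); refusing everything else is what keeps this from being an
    open relay. The transcript mirrors the S:/C: convention of the article."""

    def __init__(self, client_ip):
        self.client_ip = ipaddress.ip_address(client_ip)
        self.authenticated = False
        self.transcript = ["S: 220 smtp.example.com ESMTP"]  # server greeting

    def _reply(self, shown_cmd, code):
        self.transcript += [f"C: {shown_cmd}", f"S: {code}"]
        return code

    def may_relay(self):
        return self.authenticated or any(self.client_ip in n for n in TRUSTED_NETS)

    def handle(self, cmd):
        verb, _, arg = cmd.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return self._reply(cmd, f"250 smtp.example.com Hello {arg}")
        if verb == "AUTH":
            # Never record the credential itself in the transcript/log.
            parts = arg.split()
            if len(parts) == 3 and USERS.get(parts[1]) == parts[2]:
                self.authenticated = True
                return self._reply("AUTH PLAIN ****", "235 2.7.0 Authentication successful")
            return self._reply("AUTH PLAIN ****", "535 5.7.8 Authentication credentials invalid")
        if verb == "MAIL":
            return self._reply(cmd, "250 2.1.0 Ok")
        if verb == "RCPT":
            rcpt = arg.partition(":")[2].strip().strip("<>")   # "TO:<user@host>"
            domain = rcpt.rpartition("@")[2].lower()
            if domain in LOCAL_DOMAINS or self.may_relay():
                return self._reply(cmd, "250 2.1.5 Ok")
            return self._reply(cmd, "550 5.7.1 Relaying denied")
        if verb == "QUIT":
            return self._reply(cmd, "221 2.0.0 Bye")
        return self._reply(cmd, "502 5.5.2 Command not implemented")
```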