http://www.linuxforum.net Jephe Wu (2001-04-21 18:16:42)

1. SMTP works in two situations: one is when email is transmitted from a client to a server; the other is when one server transmits it to another server.

2. SMTP is a request/response protocol. Commands and responses are ASCII text and end with the CR and LF characters. Each response includes a three-digit code indicating the return status.

3. SMTP listens for connection requests on TCP port 25.

4. Connection and sending process:
   a. Establish a TCP connection.
   b. The client sends a HELO command to identify the sender itself. The client then sends the MAIL command, and the server is expected to respond with OK, indicating that it is ready to receive.
   c. The client sends the RCPT command to identify the intended recipient of the email. There can be multiple RCPT lines, and for each one the server indicates whether it is willing to accept the email for that recipient.
   d. The negotiation is over; the email is sent using the DATA command.
   e. A "." indicates the end of the input content and is sent along with it.
   f. End this transmission and exit with the QUIT command.

5. Two other commands:
   VRFY: used to verify whether a given user mailbox exists and to receive detailed information about the user.
   EXPN: used to expand a mailing list.

6. Mail routing process:
   The SMTP server routes email based on the domain name of the intended recipient, using MX records in the Domain Name Service (DNS). An MX record registers a domain name together with the SMTP relay hosts to which mail for that domain should be sent.
   If the SMTP server mail.abc.com receives a letter that is to be sent to shuser@sh.abc.com:
   a. Sendmail asks DNS for the CNAME record of the host sh.abc.com, if any. If the CNAME points to shmail.abc.com, it then asks for the CNAME record of shmail.abc.com, and so on until there are no more.
   b. Assume the CNAME points to shmail.abc.com. Sendmail then asks the DNS of the abc.com domain for the MX records of shmail.abc.com:
      shmail  MX  5   shmail.abc.com
                  10  shmail2.abc.com
   c. Sendmail finally asks DNS for the A record of shmail.abc.com, that is, its IP address. Suppose the returned value is 1.2.3.4.
   d. Sendmail connects to 1.2.3.4 and delivers the letter for shuser@sh.abc.com to the SMTP daemon on that server.

7. SMTP basic command set:

   Command   Description
   --------  -----------
   HELO      Identifies the user to the server. The sender can deceive and lie, but under normal circumstances the server can detect it.
   MAIL      Initializes mail transfer (mail from:).
   RCPT      Identifies a single mail recipient; comes after the MAIL command, and there can often be multiple (rcpt to:).
   DATA      After a single or multiple RCPT commands, indicates that all mail recipients have been identified and initializes data transmission; ends with ".".
   VRFY      Used to verify whether the specified user/mailbox exists; for security reasons, servers often prohibit this command.
   EXPN      , the server should respond OK
   QUIT      Ends the session.
   RSET      Resets the session; the current transmission is canceled.

8. The address specified in the MAIL FROM command is called the envelope from address and does not need to match the sender's own address. RCPT TO is the same: the recipient address it specifies is called the envelope to address, regardless of what the actual To: line says.

9. Why are there no RCPT CC and RCPT BCC commands? All recipient negotiation is done through the RCPT TO command. In the case of BCC, the envelope recipient is deleted after the negotiation, once the other side has received the message.

10. A mail message is divided into the envelope, the header and the body. The envelope from and envelope to are completely unrelated to the message From: and To:. The envelope is supplied by the SMTP daemons between server hosts, while the message From:/To: are supplied by the user. The presence or absence of a colon is another difference.

11. How to check from the envelope whether a letter is forged?
   a. Consistency of the Received: lines. In the current SMTP mail transmission system, in addition to the internal hosts at both ends that process the envelope, consider the part between the two companies' firewalls. If the two firewall machines are A and B, but the recipient checks the Received: lines and finds that the mail passed through C, it is a forgery.
   b. Whether the host name and IP address in a Received: line correspond to each other, for example:
      Received: from galangal.org (turmeric.com [104.128.23.115]) by mail.bieberdorf.edu....
   c. Received: lines that were added manually at the end:
      Received: from galangal.org ([104.128.23.115]) by mail.bieberdorf.edu (8.8.5)
      Received: from lemongrass.org by galangal.org (8.7.3)
      Received: from graprao.com by lemongrass.org (8.6.4)

Jephe Wu
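The checks in item 11, as an added example that is not part of the original post: a Python parser that flags a HELO name that disagrees with the name the receiving host recorded for the peer IP (check b) and a relay outside an expected set (check a), and, going beyond the post, a break in hop continuity. The sample combines the post's Received: lines; the function names and the expected-relay set are assumptions.

```python
import re

# Matches: from <helo> [(<rdns> [<ip>])] by <receiver>
RECEIVED = re.compile(
    r"from\s+(?P<helo>[\w.-]+)"
    r"(?:\s+\((?P<rdns>[\w.-]+)?\s*\[(?P<ip>[\d.]+)\]\))?"
    r"\s+by\s+(?P<by>[\w.-]+)",
    re.IGNORECASE,
)

def parse_received(lines):
    """Return one dict per Received: line, newest hop first (header order)."""
    hops = []
    for line in lines:
        m = RECEIVED.search(line)
        if m:
            hops.append({k: (v.lower() if v else None)
                         for k, v in m.groupdict().items()})
    return hops

def audit(lines, expected_relays):
    """Apply checks (a) and (b) from item 11, plus a hop-continuity check."""
    findings = []
    hops = parse_received(lines)
    for i, hop in enumerate(hops):
        # (b) name given in HELO vs. name the receiver recorded for the peer IP
        if hop["rdns"] and hop["rdns"] != hop["helo"]:
            findings.append(("helo_mismatch", hop["helo"], hop["rdns"]))
        # (a) a receiving relay that is not on the expected path
        if hop["by"] not in expected_relays:
            findings.append(("unexpected_relay", hop["by"], None))
        # continuity: this hop's sender should be the older hop's receiver
        if i + 1 < len(hops) and hop["helo"] != hops[i + 1]["by"]:
            findings.append(("chain_break", hop["helo"], hops[i + 1]["by"]))
    return findings

# Constructed sample: the post's Received: lines, using the rDNS name from (b).
SAMPLE = [
    "Received: from galangal.org (turmeric.com [104.128.23.115]) by mail.bieberdorf.edu (8.8.5)",
    "Received: from lemongrass.org by galangal.org (8.7.3)",
    "Received: from graprao.com by lemongrass.org (8.6.4)",
]
# Assumption: only these two hosts are legitimate relays on this path.
EXPECTED = {"mail.bieberdorf.edu", "galangal.org"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED):
        print(finding)
```

Only the topmost Received: line is written by a host the recipient controls, so findings on lower lines indicate inconsistency rather than prove who inserted them.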