SMTP email Submission

The basic SMTP submission dialogue goes like this. Lines marked C: are sent by the client that is sending the mail, and lines marked S: come from the server that is receiving it.

S: 220 smtp.example.com ESMTP Postfix
C: HELO relay.example.org
S: 250 Hello relay.example.org, I am glad to meet you
C: MAIL FROM:<bob@example.org>
S: 250 Ok
C: RCPT TO:<alice@example.com>
S: 250 Ok
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: "Bob Example" <bob@example.org>
C: To: "Alice Example" <alice@example.com>
C: Date: Tue, 15 Jan 2008 16:02:43 -0500
C: Subject: Test message
C:
C: This is a test message.
. . . . . . .

Notes

Notice that there are two sets of to and from addresses. The ones used in the SMTP dialogue are the “envelope addresses”. There are also To and From fields inside the email that may be the same or different. Since the envelope address is only visible as part of the SMTP dialogue, some servers helpfully copy it into the message as an “Envelope-To:” header.

Beware that anything that the originating system sends might be forged. There is little to stop an untrustworthy client putting what it likes into the various fields. If you receive a spam email, the only field that’s likely to be correct is the Envelope-To. That’s why it came to you in the first place.
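The envelope/header distinction described above, as an added example (not code from the original post): a short Python sketch that extracts the envelope addresses from the client side of an SMTP session and compares them with the From: and To: headers inside the message. The session text, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (client side only): the envelope sender differs from
# the From: header. All addresses are made up for this example.
SESSION = """\
HELO relay.example.org
MAIL FROM:<bounce@mailer.example.net>
RCPT TO:<alice@example.com>
DATA
From: "Bob Example" <bob@example.org>
To: "Alice Example" <alice@example.com>
Subject: Test message

This is a test message.
.
QUIT
"""

def split_session(client_lines):
    """Return (envelope_from, envelope_rcpts, message_text)."""
    env_from, rcpts, body, in_data = None, [], [], False
    for line in client_lines.splitlines():
        if in_data:
            if line == ".":  # a lone dot ends the DATA section
                in_data = False
            else:  # undo dot-stuffing: a leading dot was doubled in transit
                body.append(line[1:] if line.startswith(".") else line)
            continue
        m = re.match(r"(?i)(MAIL FROM|RCPT TO):\s*<([^>]*)>", line)
        if m and m.group(1).upper() == "MAIL FROM":
            env_from = m.group(2)
        elif m:
            rcpts.append(m.group(2))
        elif line.strip().upper() == "DATA":
            in_data = True
    return env_from, rcpts, "\n".join(body)

def compare_addresses(client_lines):
    """Compare envelope addresses with the From:/To: header addresses."""
    env_from, rcpts, text = split_session(client_lines)
    msg = message_from_string(text)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    hdr_to = parseaddr(msg.get("To", ""))[1].lower()
    return {"envelope_from": env_from, "envelope_to": rcpts,
            "header_from": hdr_from, "header_to": hdr_to,
            "from_mismatch": (env_from or "").lower() != hdr_from,
            "to_in_envelope": hdr_to in [r.lower() for r in rcpts]}
```

A mismatch is not proof of forgery on its own, since mailing lists and bounce handling legitimately use a different envelope sender; treat it as one signal to weigh with other evidence.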

In olden days, the routing of email was quite difficult to achieve and systems would co-operate by relaying to help messages on their way. The process of a client submitting a message to a server is not much different from delivering it between servers. The same SMTP protocol is used for both. But there are moves to segregate these two types of traffic by port number.

Because of spam, nobody relays mail for other people any more. Messages are sent directly from the mail server in the originating domain to the server in the destination domain. A home user should submit all emails via the server at his ISP. To do this, he must authenticate himself and satisfy some basic sanity checks on the message content.

A home user should not normally be running his own email server and sending mail directly to other destinations. If he is, he is either a geek or his PC has a virus causing it to send out spam. So ISPs often block direct SMTP traffic. The easiest way is to put a total block on all traffic using the SMTP port, 25.

In order to submit mail, the user connects to his home server using a different port, 587. So traffic is segregated with server-to-server traffic using SMTP on port 25 and authenticated email submission using SMTP on port 587.
