Version 4.1 - 3.3 SMTP
SMTP is the protocol that covers the sending of email. It normally runs on TCP port 25. One of the things that may be important on this topic is the difference between SMTP and ESMTP commands. Also note that SMTP is only for SENDING mail. The retrieval of mail is separate. [Note that POP3 is not included in the blueprint.]
SMTP Commands:
"SMTP commands are character strings terminated by '<CRLF>.' [Carriage Return Line Feed and a period - basically a . on a line by itself]. The command codes themselves are alphabetic characters terminated by <SP> if parameters follow, and <CRLF> otherwise." MAIL from:abc@xyz.com and RCPT to:fgh@lmno.org have the parameters "from" and "to" included in the command.
Common SMTP Commands:
HELO
MAIL
RCPT
DATA
SEND
RSET
VRFY
QUIT
These are some, but not all, of the commands. One important difference in the available commands is EHLO vs HELO [ESMTP versus SMTP]. The EHLO from the sending server (client) is an indication to the receiving server (server) that the sending server is going to use ESMTP [Extended SMTP]. "Normally, the response to EHLO will be a multiline reply. Each line of the response contains a keyword and, optionally, one or more parameters." The receiving server basically responds to EHLO with a list of the extensions it accepts. If it does not respond to EHLO, the "client" (sender) may fall back to HELO (depending upon configuration).
The AUTH command [ESMTP Command] is used to authenticate the client to the server. "The AUTH command sends the client's username and password to the e-mail server. AUTH can be combined with some other keywords as PLAIN, LOGIN and CRAM-MD5 (e.g. AUTH LOGIN) to use different login methods and different levels of security."
Other ESMTP commands are STARTTLS (to send mail over a TLS connection) and SIZE (maximum size for a message). Note that ESMTP's STARTTLS does not encrypt an email from end-to-end. It uses port 465 instead of port 25 for mail transfer. Secure submission of email (what you might use with your ISP) uses port 587 [per RFC6409]. But again, note that this is not "secure mail." In order to really send a private (encrypted end-to-end) email, you have to use PGP or extensions that encrypt the email using digital certificates.
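The EHLO exchange described above, as an added example that is not part of the original post: a Python sketch that parses a multiline EHLO reply into keywords and parameters, then lists what a defender would check (whether STARTTLS is offered, and whether AUTH PLAIN or LOGIN is advertised before TLS is active). The sample replies, host names and the function names `parse_ehlo` and `review` are constructed for illustration.

```python
import re

# Constructed sample replies (not captured from a real server).
SAMPLE_EHLO_REPLY = (
    "250-mail.example.org Hello client.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-AUTH PLAIN LOGIN CRAM-MD5\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
SAMPLE_REJECTED = "500 Command not recognized\r\n"

# Reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return (code, greeting, {KEYWORD: [params]}) from a raw EHLO reply."""
    code, greeting, extensions = None, "", {}
    lines = [ln for ln in reply.split("\r\n") if ln]
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError("malformed reply line: %r" % line)
        code, sep, text = int(m.group(1)), m.group(2), m.group(3)
        parts = text.split()
        if i == 0:
            greeting = text                  # first line is the server greeting
        elif parts:
            extensions[parts[0].upper()] = parts[1:]   # keyword + parameters
        if sep == " ":                       # space after the code ends the reply
            break
    return code, greeting, extensions

def review(reply, tls_active=False):
    """List the findings a defender would note for this session."""
    code, _, ext = parse_ehlo(reply)
    if code != 250:
        return ["EHLO refused (%d): client may fall back to HELO, "
                "so no extensions are negotiated" % code]
    findings = []
    if "STARTTLS" not in ext and not tls_active:
        findings.append("no STARTTLS offered: session stays in cleartext")
    # PLAIN and LOGIN carry the credentials base64-encoded, not encrypted.
    weak = [m for m in ext.get("AUTH", []) if m in ("PLAIN", "LOGIN")]
    if weak and not tls_active:
        findings.append("AUTH %s offered before TLS: credentials only "
                        "base64-encoded" % "/".join(weak))
    return findings
```

Calling `review()` again on the EHLO reply received after TLS is active, with `tls_active=True`, shows whether the AUTH finding clears.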
One other thing that may be important is the parts of a mail system.
MUA - Mail User Agent (like Outlook)
MTA - Mail Transfer Agent
MSA - Mail Submission Agent
MDA - Mail Delivery Agent
You may also want to be familiar with MX (Mail Exchange) records. These are the DNS records that list where mail for that domain needs to go. You may also want to know about mail relays and "open" mail relays. If you're familiar with all these things, you should be fine for this section.
With section 3.0 being only 10% of the test and SMTP being one of 16 topics under that percentage - I'm not sure how deep they would go on SMTP. I could really go down the rabbit hole on this one since I have extensive experience with mail servers and systems. [One of my "elective" tests on the MCSE was for Exchange.] I've dealt with Netscape mail servers, Exchange, GroupWise, etc... Way back in the early 90s, I even played around with my email client and used a mail relay to "send" mail from an open relay. I've administered and used DMS (Defense Messaging System) - which is the military's customized version of Exchange. I've seen (and used) encrypted emails. If I had a penny for every email problem I've fixed, I could probably pay for the exam. I've even created and sent a mail using telnet and issued the commands manually and used the VRFY command to validate email addresses. (That was actually fun.) So I doubt I'll have any issues on this section of the exam.
One of the things I'd like to note here is that I am relating my experiences with these things for two reasons. One is that you really need to build a foundation before going into security. If you did not "come up through the ranks" by starting somewhere else, it's going to be a lot tougher to get through this stuff. You'll have to learn all this - plus how to secure it. The second reason is for those who actually have had experiences outside security - it is relevant. I remember a networking co-worker who tried to explain to me that it should be embarrassing to continue to wear my MCSE polo shirts - now that I was in networking. It was somehow "lesser" and I was degrading myself in some way. Folks, it's ALL relevant. The things you learned as Help Desk support, server administrator and network engineer - they all count. And you never know where it may help you. Learn to read the full headers of your email. You just might learn something (like X-headers). [Note: X-headers were deprecated in RFC 6648, but are still in use for some systems. They were often used to list the abuse address (where to email about abuse complaints) among other things.]