October 04, 1999 03:41 PM

Electronic Mail Standards

Windows IT Pro
InstantDoc ID #7296

The Internet Engineering Task Force (IETF) has used the Request for Comments (RFC) process to create the standards that define electronic mail protocols. (Table A lists and defines current email protocols.) Numerous RFC documents publish these standards. You can read the full text of these documents at http://www.ietf.org/rfc.html. Ohio State University (OSU) maintains an excellent RFC-reference Web site. OSU has added links in each RFC document to obsolete and updated versions of the RFC; these links are handy when you want to be sure that you're looking at the most up-to-date RFC that defines a standard. Go to http://www.cis.ohio-state.edu/htbin/rfc/INDEX.rfc.html to access an RFC master index. RFC 2400 documents an overview of the standards process and the official status of each current RFC. To read RFC 2400, go to http://www.cis.ohio-state.edu/htbin/rfc/rfc2400.html.

TABLE A: Email Protocols

MAIL TRANSFER PROTOCOLS

| Protocol | Description |
| --- | --- |
| Simple Mail Transfer Protocol (SMTP) | A text-based protocol that defines how a mail system sends messages. Mail-system administrators can test a mail server's basic SMTP connectivity by using Telnet to connect to port 25 on the server. The Microsoft article "Troubleshooting Problems Connecting to Mail Servers" (http://support.microsoft.com/support/kb/articles/q154/5/78.asp) describes the basic procedures for troubleshooting SMTP and POP3 connectivity problems. The Microsoft article "XFOR: Telnet to Port 25 of IMC to Test IMC Communication" (http://support.microsoft.com/support/kb/articles/q153/1/19.asp) describes how to use basic SMTP commands in a Telnet session to test SMTP server functionality. RFC 821 defines the SMTP protocol. You can find RFC 821 at http://www.cis.ohio-state.edu/htbin/rfc/rfc0821.html. |
| Extended Simple Mail Transfer Protocol (ESMTP) | This protocol encompasses a set of enhancements to the SMTP protocol that define additional mail commands. RFC 1869 defines the primary command, EHLO, which ESMTP uses in place of RFC 821's HELO command and which returns a list of SMTP extensions that the mail server supports. Other RFCs define additional commands that extend the functionality of the SMTP protocol. You can find RFC 1869 at http://www.cis.ohio-state.edu/htbin/rfc/rfc1869.html. |
| Post Office Protocol 3 (POP3) | This protocol defines commands to transfer mail from a mail server to a mail client. As with the SMTP and Internet Message Access Protocol 4 (IMAP4) protocols, the commands are text-based; administrators can Telnet to TCP port 110 to issue the commands manually. The Microsoft article "XCLN: Troubleshooting POP3 Connections to Exchange Server" (http://support.microsoft.com/support/kb/articles/q161/1/18.asp) describes a basic POP3 session that you can use to test POP3 function on a mail server. RFC 1939 defines POP3. You can find RFC 1939 at http://www.cis.ohio-state.edu/htbin/rfc/rfc1939.html. |
| Internet Message Access Protocol 4 (IMAP4) | This protocol defines text-based commands to transfer mail from a mail server to a mail client. IMAP has some key capabilities that POP3 lacks. With IMAP, you can define a hierarchy of folders (i.e., mailboxes on the mail server), which lets you organize and store mail messages where users can access them from multiple locations. IMAP supports shared folders, so a workgroup can share one copy of a message. IMAP supports both clear text and more secure authentication methods. You can Telnet to TCP port 143 to test IMAP4 connections manually. The Microsoft article "XADM: Verifying Basic IMAP Connectivity Using Telnet" (http://support.microsoft.com/support/kb/articles/q189/3/26.asp) describes a basic IMAP session. RFC 2060 defines IMAP4. You can find RFC 2060 at http://www.cis.ohio-state.edu/htbin/rfc/rfc2060.html. |

SECURE MAIL ACCESS AUTHORIZATION (LOGON) PROTOCOLS

| Protocol | Description |
| --- | --- |
| Authenticated Post Office Protocol (APOP) | A POP3 user authentication command that RFC 1939, the POP3 standard, defines as optional for a POP3 implementation. In a standard POP3 authentication sequence, the PASS command sends your POP3 password in plain text across the network. APOP uses the Message Digest 5 (MD5) algorithm, which RFC 1321 defines, to combine your password with the timestamp that the server sends in response to a HELO or EHLO command. The result is a 16-octet binary string that the server sends over the network in place of the clear-text password. |
| POP3 AUTH | A command that applies to POP3 the authentication mechanisms that are implemented as IMAP4 AUTH. (RFC 1731 describes these authentication mechanisms.) RFC 1734 describes the POP3 AUTH command. You can find RFC 1734 at http://www.cis.ohio-state.edu/htbin/rfc/rfc1734.html. |
| SMTP AUTH | An ESMTP extension command that lets an SMTP client use one of several secure authentication protocols that the mail server might support to authenticate to the mail server. SMTP AUTH also supports a server-based policy that requires strong authentication mechanisms. RFC 2554 defines SMTP AUTH. You can find RFC 2554 at http://www.cis.ohio-state.edu/htbin/rfc/rfc2554.html. |
| AUTHENTICATE | An IMAP4 command that can support multiple secure authentication protocols. The command takes one argument: the name of an authentication protocol (e.g., IMAP-AUTH, KERBEROS_V4). The mail server begins the authentication sequence if it supports the specified protocol. The primary IMAP4 RFC, RFC 2060, describes the AUTHENTICATE command. |
| Challenge Response Authentication Mechanism using Message Digest 5 (CRAM-MD5) | An additional authentication mechanism that you can use with the IMAP4 AUTHENTICATE command and the POP3 AUTH command. RFC 2195 describes CRAM-MD5. You can find RFC 2195 at http://www.cis.ohio-state.edu/htbin/rfc/rfc2195.html. |
| IMAP4 AUTH | A command that describes a collection of authentication mechanisms for use with the AUTHENTICATE command. These mechanisms include KERBEROS_V4, GSSAPI, and SKEY. RFC 1731 describes these mechanisms. You can find RFC 1731 at http://www.cis.ohio-state.edu/htbin/rfc/rfc1731.html. RFC 2222, which defines the Simple Authentication and Security Layer (SASL), also describes the IMAP4 AUTH mechanisms. |
| LOGIN | The IMAP command that uses a plain-text user ID and password to authenticate to the mail server. |
| Simple Authentication and Security Layer (SASL) | A method for adding authentication support to connection-based protocols. RFC 2222 describes SASL and defines several authentication mechanisms for use with SASL-based authentication. These mechanisms include KERBEROS_V4, GSSAPI, and SKEY. You can find RFC 2222 at http://www.cis.ohio-state.edu/htbin/rfc/rfc2222.html. |
| Remote Passphrase Authentication (RPA) | An authentication method that CompuServe POP mail servers use. |

OTHER MAIL-RELATED PROTOCOLS

| Protocol | Description |
| --- | --- |
| Application Configuration Access Protocol (ACAP) | A client-server protocol that lets you maintain configuration settings (e.g., the host names for mail servers and the protocol) at a server. ACAP lets mail clients automatically retrieve the settings, so the user doesn't have to fill in the configuration screens manually. Eudora email clients implement a version of ACAP that isn't compatible with the standard-based protocol. RFC 2244 defines ACAP. You can find RFC 2244 at http://www.cis.ohio-state.edu/htbin/rfc/rfc2244.html. |
| Lightweight Directory Access Protocol (LDAP) | A client-server protocol that supports maintenance of a user directory that contains both standard and user-defined information fields. The protocol supports two-way replication of information between LDAP servers and defines syntax for querying the database. Mail servers that support LDAP typically implement only a subset of the protocol to let mail clients query the database to find names and email addresses. LDAP accepts clear-text connections on TCP port 389 and secure connections on TCP port 636. RFC 2251 defines LDAPv3. You can find RFC 2251 at http://www.cis.ohio-state.edu/htbin/rfc/rfc2251.html. |
| Password Modification Protocol (poppwd) | A client-server protocol that lets users change the password they use to authenticate access to the mailbox account. This protocol was first written for Eudora mail clients and has gained the support of other mail clients. However, no RFC describes poppwd, nor is the protocol an IETF standard. When you use the poppwd protocol, even if you use a secure authentication protocol to connect to your mail server, all password changes travel through the network in plain text. |
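
The digest computations behind the APOP and CRAM-MD5 entries in Table A, with the server-side check for each, as an added example (not code from the original article). It follows RFC 1939 and RFC 2195, in which the APOP timestamp arrives in the POP3 server greeting and the client returns the digest as hex; the inputs are the test vectors those RFCs publish, and the function names are this example's own.

```python
import base64
import hashlib
import hmac

# Test vectors published in RFC 1939 (APOP) and RFC 2195 (CRAM-MD5).
APOP_GREETING_TS = "<1896.697170952@dbc.mtview.ca.us>"
APOP_SECRET = "tanstaaf"
CRAM_CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
CRAM_USER, CRAM_SECRET = "tim", "tanstaaftanstaaf"


def apop_digest(greeting_ts: str, secret: str) -> str:
    """MD5 over the greeting timestamp (angle brackets included) followed by
    the shared secret, as the 32 hex characters carried by the APOP command."""
    return hashlib.md5((greeting_ts + secret).encode("ascii")).hexdigest()


def cram_md5_response(challenge_b64: str, user: str, secret: str) -> str:
    """base64 of 'user SP hex(HMAC-MD5(key=secret, msg=decoded challenge))'."""
    challenge = base64.b64decode(challenge_b64)
    mac = hmac.new(secret.encode("ascii"), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {mac}".encode("ascii")).decode("ascii")


def verify_apop(greeting_ts: str, secret: str, claimed_hex: str) -> bool:
    """Server-side check against the timestamp issued for THIS connection."""
    expected = apop_digest(greeting_ts, secret).encode()
    return hmac.compare_digest(expected, claimed_hex.strip().lower().encode())


def verify_cram_md5(challenge_b64: str, secret: str, response_b64: str) -> bool:
    """Server-side check; the user name is taken from the decoded response."""
    try:
        raw = base64.b64decode(response_b64, validate=True)
        user = raw.decode("ascii").partition(" ")[0]
    except ValueError:  # malformed base64 or non-ASCII bytes
        return False
    expected = cram_md5_response(challenge_b64, user, secret).encode()
    return hmac.compare_digest(expected, response_b64.encode())


if __name__ == "__main__":
    digest = apop_digest(APOP_GREETING_TS, APOP_SECRET)
    print("APOP mrose", digest)
    # A captured digest is bound to one greeting: replayed against a fresh
    # timestamp (constructed here) it no longer verifies.
    print(verify_apop("<1897.697170999@dbc.mtview.ca.us>", APOP_SECRET, digest))
```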

Comments
  • Anonymous User
    7 years ago
    Jun 23, 2005

    What about the other authentication methods supported (SPA, to name one that Outlook seems to like)?

    friscom

  • Mi Bj
    11 years ago
    Apr 28, 2001

    Hi,
    Looking through your article, I find a very troublesome little flaw.

    The RFC 2554 support in Exchange 2000 is seriously broken and will not accept the AUTH command on the MAIL FROM: line.

    I found this out trying to relay emails to an Exchange 2000 from a Sendmail 8.11 implementation. It works fine with Exchange 5.5 but there is no way it works with E2k. Sorry!!

    Hope you will correct this.
