Network Working Group                                       J. De Winter
Request for Comments: 1985                     Wildbear Consulting, Inc.
Category: Standards Track                                    August 1996

                         SMTP Service Extension
                    for Remote Message Queue Starting
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This memo defines an extension to the SMTP service whereby an SMTP
client and server may interact to give the server an opportunity to
start the processing of its queues for messages to go to a given
host. This extension is meant to be used in startup conditions as
well as for mail nodes that have transient connections to their
service providers.
1. Introduction
The TURN command was a valid attempt to address the problem of having
to start the processing for the mail queue on a remote machine.
However, the TURN command presents a large security loophole. As
there is no verification of the remote host name, the TURN command
could be used by a rogue system to download the mail for a site other
than itself.
Therefore, this memo introduces the ETRN command. This command uses
the mechanism defined in [4] to define extensions to the SMTP service
whereby a client ("sender-SMTP") may request that the server
("receiver-SMTP") start the processing of its mail queues for
messages that are waiting at the server for the client machine. If
any messages are at the server for the client, then the server should
create a new SMTP session and send the messages at that time.
De Winter Standards Track [Page 1]
RFC 1985 SMTP Service Extension - ETRN August 1996
2. Framework for the ETRN Extension
The following service extension is therefore defined:
(1) the name of the SMTP service extension is "Remote Queue
Processing Declaration";
(2) the EHLO keyword value associated with this extension is "ETRN",
with no associated parameters;
(3) one additional verb, ETRN, with a single parameter that
specifies the name of the client(s) to start processing for;
(4) no additional SMTP verbs are defined by this extension.
The remainder of this memo specifies how support for the extension
affects the behavior of an SMTP client and server.
3. The Remote Queue Processing Declaration service extension
To save money, many small companies want to only maintain transient
connections to their service providers. In addition, there are some
situations where the client sites depend on their mail arriving
quickly, so forcing the queues on the server belonging to their
service provider may be more desirable than waiting for the retry
timeout to occur.
Both of these situations could currently be fixed using the TURN
command defined in [1], if it were not for a large security loophole
in the TURN command. As it stands, the TURN command will reverse the
direction of the SMTP connection and assume that the remote host is
being honest about what its name is. The security loophole is that
there is no documented stipulation for checking the authenticity of
the remote host name, as given in the HELO or EHLO command. As such,
most SMTP and ESMTP implementations do not implement the TURN command
to avoid this security loophole.
This has been addressed in the design of the ETRN command. This
extended turn command was written with the points in the first
paragraph in mind, yet paying attention to the problems that
currently exist with the TURN command. The security loophole is
avoided by asking the server to start a new connection aimed at the
specified client.
In this manner, the server has a lot more certainty that it is
talking to the correct SMTP client. This mechanism can just be seen
as a more immediate version of the retry queues that appear in most
SMTP implementations. In addition, as this command will take a
single parameter, the name of the remote host(s) to start the queues
for, the server can decide whether it wishes to respect the request
or deny it for any local administrative reasons.
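The contrast drawn in this section, as an added Python simulation that is not part of RFC 1985: TURN hands queued mail to whoever holds the current connection, while ETRN delivers over a new connection to the destination the server resolves itself, and only if local policy allows it. The host names, addresses, routing table, queue contents and status strings are all constructed for illustration.

```python
# Added illustration, not from RFC 1985. Hosts, addresses and queue contents
# are constructed; ROUTES stands in for the server's own DNS/MX lookup.
from dataclasses import dataclass, field

ROUTES = {"branch.example.org": "192.0.2.10"}        # where the server itself delivers
QUEUE = {"branch.example.org": ["msg-1", "msg-2"]}   # mail waiting per node
ETRN_ALLOWED = {"branch.example.org"}                # local administrative policy


@dataclass
class Session:
    peer_addr: str            # address the connection really came from
    helo_name: str            # name the peer claimed in HELO/EHLO (unverified)
    deliveries: list = field(default_factory=list)   # (destination, message)


def turn(session):
    """TURN: reverse the existing connection, trusting the claimed name."""
    for msg in QUEUE.get(session.helo_name, []):
        # Mail leaves over the current connection, so it goes to whoever connected.
        session.deliveries.append((session.peer_addr, msg))
    return session.deliveries


def etrn(session, node):
    """ETRN: start the queue for `node` over a new connection the server opens."""
    if node not in ETRN_ALLOWED:
        return "denied", []          # server may refuse for local policy reasons
    dest = ROUTES.get(node)
    if dest is None:
        return "unroutable", []
    # Destination comes from the server's routing, never from the requester.
    out = [(dest, msg) for msg in QUEUE.get(node, [])]
    session.deliveries.extend(out)
    return "started", out


def demo():
    # Same peer, same claimed name: only the delivery destination differs.
    leaked = turn(Session("203.0.113.66", "branch.example.org"))
    status, sent = etrn(Session("203.0.113.66", "branch.example.org"),
                        "branch.example.org")
    return leaked, status, sent


if __name__ == "__main__":
    print(demo())
```

In the simulation the requester's address never influences where ETRN mail is sent; the worst an unauthorised requester achieves is an early queue run toward the legitimate host.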
4. Definitions
Remote queue processing means that using an SMTP or ESMTP connection,
the client may request that the server start to process parts of its
messaging queue. This processing is performed using the existing
SMTP infrastructure and will occur at some point after the processing
is initiated.
The server host is the node that is responding to the ETRN
command.
The client host is the node that is initiating the ETRN command.
The remote host name is defined to be a plain-text field that
specifies a name for the remote host(s). This remote host name may
also include an alias for the specified remote host or special
commands to identify other types of queues.
5. The extended ETRN command
The extended ETRN command is issued by the client host when it wishes
to start the SMTP queue processing of a given server host. The
syntax of this command is as follows:
ETRN [