Network Working Group R. Gellens
Request for Comments: 2645 Qualcomm
Category: Standards Track August 1999
Network Working Group R. Gellens
Request for Comments: 2645 Qualcomm
Category: Standards Track August 1999
ON-DEMAND MAIL RELAY (ODMR) SMTP with Dynamic IP Addresses
具有动态IP地址的按需邮件中继(ODMR)SMTP
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
Table of Contents
目录
1. Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2. Conventions Used in this Document . . . . . . . . . . . . . . 2
3. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . 2
4. Description . . . . . . . . . . . . . . . . . . . . . . . . . 2
5. States . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
5.1. Initial State . . . . . . . . . . . . . . . . . . . . . . 4
5.1.1. EHLO . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1.2. AUTH . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1.3. QUIT . . . . . . . . . . . . . . . . . . . . . . . . 4
5.2. Authenticated State . . . . . . . . . . . . . . . . . . . 4
5.2.1. ATRN (Authenticated TURN) . . . . . . . . . . . . . 4
5.3. Reversed State . . . . . . . . . . . . . . . . . . . . . 5
5.4. Other Commands . . . . . . . . . . . . . . . . . . . . . 6
6. Example On-Demand Mail Relay Session: . . . . . . . . . . . . 6
7. Response Codes . . . . . . . . . . . . . . . . . . . . . . . 6
8. Security Considerations . . . . . . . . . . . . . . . . . . . 6
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
11. Author's Address . . . . . . . . . . . . . . . . . . . . . 8
12. Full Copyright Statement . . . . . . . . . . . . . . . . . . 9
1. Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2. Conventions Used in this Document . . . . . . . . . . . . . . 2
3. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . 2
4. Description . . . . . . . . . . . . . . . . . . . . . . . . . 2
5. States . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
5.1. Initial State . . . . . . . . . . . . . . . . . . . . . . 4
5.1.1. EHLO . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1.2. AUTH . . . . . . . . . . . . . . . . . . . . . . . . 4
5.1.3. QUIT . . . . . . . . . . . . . . . . . . . . . . . . 4
5.2. Authenticated State . . . . . . . . . . . . . . . . . . . 4
5.2.1. ATRN (Authenticated TURN) . . . . . . . . . . . . . 4
5.3. Reversed State . . . . . . . . . . . . . . . . . . . . . 5
5.4. Other Commands . . . . . . . . . . . . . . . . . . . . . 6
6. Example On-Demand Mail Relay Session: . . . . . . . . . . . . 6
7. Response Codes . . . . . . . . . . . . . . . . . . . . . . . 6
8. Security Considerations . . . . . . . . . . . . . . . . . . . 6
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
11. Author's Address . . . . . . . . . . . . . . . . . . . . . 8
12. Full Copyright Statement . . . . . . . . . . . . . . . . . . 9
With the spread of low-cost computer systems and Internet connectivity, the demand for local mail servers has been rising. Many people now want to operate a mail server on a system which has
随着低成本计算机系统和互联网连接的普及,对本地邮件服务器的需求一直在上升。现在,许多人希望在一个具有
only an intermittent connection to a service provider. If the system has a static IP address, the ESMTP ETRN command [ETRN] can be used. However, systems with dynamic IP addresses (which are very common with low-cost connections) have no widely-deployed solution.
只有与服务提供商的间歇性连接。如果系统具有静态IP地址,则可以使用ESMTP ETRN命令[ETRN]。但是,具有动态IP地址(这在低成本连接中非常常见)的系统没有广泛部署的解决方案。
This memo proposes a new service, On-Demand Mail Relay (ODMR), which is a profile of SMTP [SMTP, ESMTP], providing for a secure, extensible, easy to implement approach to the problem.
这份备忘录提出了一种新的服务,即按需邮件中继(ODMR),它是SMTP[SMTP,ESMTP]的一种配置文件,为解决该问题提供了一种安全、可扩展、易于实现的方法。
Because the client and server roles reverse during the session, to avoid confusion, the terms "customer" and "provider" will be used in place of "client" and "server", although of course this protocol may be useful in cases other than commercial service providers and customers.
由于客户机和服务器角色在会话过程中发生逆转,为了避免混淆,将使用术语“客户”和“提供商”代替“客户机”和“服务器”,当然,该协议在商业服务提供商和客户以外的情况下可能有用。
In examples, "P:" is used to indicate lines sent by the provider, and "C:" indicates those sent by the customer. Line breaks within a command are for editorial purposes only.
在示例中,“P:”表示提供者发送的行,“C:”表示客户发送的行。命令中的换行符仅用于编辑目的。
The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" in this document are to be interpreted as defined in [KEYWORDS].
本文件中的关键词“必须”、“不得”、“应该”、“不应该”和“可能”应按照[关键词]中的定义进行解释。
Examples use 'example.net' as the provider, and 'example.org' and ' example.com' as the customers.
示例使用“example.net”作为提供者,“example.org”和“example.com”作为客户。
Private comments should be sent to the author. Public comments may be sent to the IETF Disconnected SMTP mailing list, <ietf-disconn-smtp@imc.org>. To subscribe, send a message to <ietf-disconn-smtp-request@imc.org> containing the word SUBSCRIBE as the body.
私人评论应发送给作者。公共评论可以发送到IETF断开连接的SMTP邮件列表,<IETF DISCON-smtp@imc.org>. 要订阅,请将消息发送到<ietf DISCON smtp-request@imc.org>包含单词SUBSCRIBE作为主体的。
On-Demand Mail Relay is a restricted profile of SMTP [SMTP, ESMTP]. Port 366 is reserved for On-Demand Mail Relay. The initial client and server roles are short-lived, as the point is to allow the intermittently-connected host to request mail held for it by a service provider.
按需邮件中继是SMTP[SMTP,ESMTP]的受限配置文件。端口366保留用于按需邮件中继。最初的客户端和服务器角色是短暂的,因为关键是允许间歇性连接的主机请求服务提供商为其持有的邮件。
The customer initiates a connection to the provider, authenticates, and requests its mail. The roles of client and server then reverse, and normal SMTP [SMTP, ESMTP] proceeds.
客户发起与提供商的连接,验证并请求其邮件。然后,客户机和服务器的角色颠倒,正常的SMTP[SMTP,ESMTP]继续。
The provider has an On-Demand Mail Relay process listening for connections on the ODMR port. This process does not need to be a full SMTP server. It does need to be an SMTP client with access to the outgoing mail queues, and as a server implement the EHLO, AUTH, ATRN, and QUIT commands.
提供程序有一个按需邮件中继进程,用于侦听ODMR端口上的连接。此进程不需要是完整的SMTP服务器。它确实需要是一个能够访问传出邮件队列的SMTP客户端,并且作为一个服务器实现EHLO、AUTH、ATRN和QUIT命令。
An MTA normally has a mail client component which processes the outgoing mail queues, attempting to send mail for particular domains, based on time or event (such as new mail being placed in the queue, or receipt of an ETRN command by the SMTP server component). The On-Demand Mail Relay service processes the outgoing queue not on a timer or new mail creation, but on request.
MTA通常有一个邮件客户端组件,该组件根据时间或事件(如队列中放置的新邮件,或SMTP服务器组件收到的ETRN命令)处理传出邮件队列,尝试为特定域发送邮件。随需应变邮件中继服务不是在计时器或新邮件创建上处理传出队列,而是在请求时处理。
The provider side has normal SMTP server responsibilities [SMTP], including generation of delivery failure notices, etc. as needed.
提供方具有正常的SMTP服务器职责[SMTP],包括根据需要生成传递失败通知等。
The On-Demand Mail Relay service has three states: an initial state, an authenticated state, and a reversed state. The state progression is illustrated in the following diagram:
按需邮件中继服务有三种状态:初始状态、已验证状态和反向状态。状态进程如下图所示:
---------------------------
! initial state !
---------------------------
! !
QUIT AUTH
! !
! V
! -----------------------
! ! authenticated state !
! -----------------------
! ! !
! QUIT ATRN
! ! !
! ! V
! ! ------------------
! ! ! reversed state !
! ! ------------------
! ! !
! ! QUIT
! ! !
V V V
---------------------
! termination !
---------------------
---------------------------
! initial state !
---------------------------
! !
QUIT AUTH
! !
! V
! -----------------------
! ! authenticated state !
! -----------------------
! ! !
! QUIT ATRN
! ! !
! ! V
! ! ------------------
! ! ! reversed state !
! ! ------------------
! ! !
! ! QUIT
! ! !
V V V
---------------------
! termination !
---------------------
(Note that in the reversed state, commands are sent by the provider, not the customer.)
(请注意,在反向状态下,命令由提供程序发送,而不是由客户发送。)
In the initial state, the provider is the server and the customer is the client. Three commands are valid: EHLO, AUTH, and QUIT.
在初始状态下,提供者是服务器,客户是客户端。有三个命令有效:EHLO、AUTH和QUIT。
The EHLO command is the same as in [ESMTP]. The response MUST include AUTH and ATRN.
EHLO命令与[ESMTP]中的命令相同。响应必须包括AUTH和ATRN。
The AUTH command is specified in [AUTH]. The AUTH command uses a [SASL] mechanism to authenticate the session. The session is not considered authenticated until a success response to AUTH has been sent.
AUTH命令在[AUTH]中指定。AUTH命令使用[SASL]机制对会话进行身份验证。在发送对AUTH的成功响应之前,会话不会被视为已验证。
For interoperability, implementations MUST support the CRAM-MD5 mechanism [CRAM]. Other SASL mechanisms may be supported. A site MAY disable CRAM-MD5 support if it uses more secure methods. The EXTERNAL mechanism [SASL] might be useful in some cases, for example, if the provider has already authenticated the client, such as during a PPP connection.
为了实现互操作性,实现必须支持CRAM-MD5机制[CRAM]。可能支持其他SASL机制。如果使用更安全的方法,站点可能会禁用CRAM-MD5支持。外部机制[SASL]在某些情况下可能有用,例如,如果提供者已经对客户端进行了身份验证,例如在PPP连接期间。
The QUIT command is the same as in [SMTP].
QUIT命令与[SMTP]中的命令相同。
The authenticated state is entered after a successful AUTH command. Two commands are valid in the authenticated state: ATRN and QUIT.
成功执行AUTH命令后,将进入已验证状态。两个命令在经过身份验证的状态下有效:ATRN和QUIT。
Unlike the TURN command in [SMTP], the ATRN command optionally takes one or more domains as a parameter. The ATRN command MUST be rejected if the session has not been authenticated. Response code 530 [AUTH] is used for this.
与[SMTP]中的TURN命令不同,ATRN命令可以选择将一个或多个域作为参数。如果会话尚未通过身份验证,则必须拒绝ATRN命令。响应代码530[AUTH]用于此。
The timeout for this command MUST be at least 10 minutes to allow the provider time to process its mail queue.
此命令的超时时间必须至少为10分钟,以便提供程序有时间处理其邮件队列。
An ATRN command sent with no domains is equivalent to an ATRN command specifying all domains to which the customer has access.
不带域发送的ATRN命令相当于指定客户有权访问的所有域的ATRN命令。
If the authentication used by the customer does not provide access to all of the domains specified in ATRN, the provider MUST NOT send mail for any domains to the customer; the provider MUST reject the ATRN command with a 450 code.
如果客户使用的身份验证无法访问ATRN中指定的所有域,则提供商不得向客户发送任何域的邮件;提供程序必须以450代码拒绝ATRN命令。
If the customer does have access to all of the specified domains, but none of them have any queued mail, the provider normally rejects the ATRN command with response code 453. The provider MAY instead issue a 250 success code, and after the roles are reversed, send a QUIT following the EHLO.
如果客户确实可以访问所有指定的域,但其中没有一个域具有任何排队邮件,则提供程序通常会拒绝响应代码为453的ATRN命令。提供者可能会发出一个250成功代码,在角色颠倒后,在EHLO之后发送一个QUIT。
The provider MAY also reject the ATRN command with a 450 response to indicate refusal to accept multiple requests issued within a particular time interval.
提供者还可以使用450响应来拒绝ATRN命令,以指示拒绝接受在特定时间间隔内发出的多个请求。
If the customer has access to all of the specified domains and mail exists in at least one of them, the provider issues a 250 success code.
如果客户可以访问所有指定的域,并且其中至少有一个域中存在邮件,则提供商将发出250个成功代码。
If the server is unable to verify access to the requested domains (for example, a mapping database is temporarily unavailable), response code 451 is sent.
如果服务器无法验证对请求域的访问(例如,映射数据库暂时不可用),则发送响应代码451。
[ABNF] for ATRN:
[ABNF]对于ATRN:
atrn = "ATRN" [SP domain *("," domain)]
atrn=“atrn”[SP域*(“,”域)]
domain = sub-domain 1*("." sub-domain)
域=子域1*(“”子域)
sub-domain = (ALPHA / DIGIT) *(ldh-str)
sub-domain = (ALPHA / DIGIT) *(ldh-str)
ldh-str = *(ALPHA / DIGIT / "-") (ALPHA / DIGIT)
ldh-str = *(ALPHA / DIGIT / "-") (ALPHA / DIGIT)
After the provider has sent a success reply to the ATRN command, the roles reverse, and the customer becomes the server, and the provider becomes the client.
提供程序向ATRN命令发送成功回复后,角色将反转,客户将成为服务器,提供程序将成为客户端。
After receiving the success response to ATRN, the customer sends a standard SMTP initial greeting line. At this point normal SMTP [SMTP, ESMTP] commands are used. Typically the provider sends EHLO after seeing the customer's greeting, to be followed by MAIL FROM and so on.
收到ATRN的成功响应后,客户发送标准SMTP初始问候语。此时,将使用正常的SMTP[SMTP,ESMTP]命令。通常,提供商在看到客户的问候语后发送EHLO,然后再发送邮件等。
The provider MAY reject all commands other than EHLO, AUTH, ATRN, and QUIT with response code 502.
提供程序可以拒绝除EHLO、AUTH、ATRN之外的所有命令,并以响应代码502退出。
P: 220 EXAMPLE.NET on-demand mail relay server ready
C: EHLO example.org
P: 250-EXAMPLE.NET
P: 250-AUTH CRAM-MD5 EXTERNAL
P: 250 ATRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as example.org
C: ATRN example.org,example.com
P: 250 OK now reversing the connection
C: 220 example.org ready to receive email
P: EHLO EXAMPLE.NET
C: 250-example.org
C: 250 SIZE
P: MAIL FROM: <Lester.Tester@dot.foo.bar>
C: 250 OK
P: RCPT TO: <l.eva.msg@example.com>
C: 250 OK, recipient accepted
...
P: QUIT
C: 221 example.org closing connection
P: 220 EXAMPLE.NET on-demand mail relay server ready
C: EHLO example.org
P: 250-EXAMPLE.NET
P: 250-AUTH CRAM-MD5 EXTERNAL
P: 250 ATRN
C: AUTH CRAM-MD5
P: 334 MTg5Ni42OTcxNzA5NTJASVNQLkNPTQo=
C: Zm9vYmFyLm5ldCBiOTEzYTYwMmM3ZWRhN2E0OTViNGU2ZTczMzRkMzg5MAo=
P: 235 now authenticated as example.org
C: ATRN example.org,example.com
P: 250 OK now reversing the connection
C: 220 example.org ready to receive email
P: EHLO EXAMPLE.NET
C: 250-example.org
C: 250 SIZE
P: MAIL FROM: <Lester.Tester@dot.foo.bar>
C: 250 OK
P: RCPT TO: <l.eva.msg@example.com>
C: 250 OK, recipient accepted
...
P: QUIT
C: 221 example.org closing connection
The response codes used in this document are:
本文件中使用的响应代码为:
250 Requested mail action okay, completed 450 ATRN request refused 451 Unable to process ATRN request now 453 You have no mail 502 Command not implemented 530 Authentication required [AUTH]
250请求邮件操作正常,已完成450 ATRN请求被拒绝451现在无法处理ATRN请求453您没有邮件502命令未执行530需要身份验证[AUTH]
Because access to the On-Demand Mail Relay server is only useful with a prior arrangement between the parties (so the provider is the target of MX records for the customer's domains and thus has mail to relay), it may be useful for the provider to restrict access to the On-Demand Mail Relay port. For example, the ODMR server could be
由于对随需应变邮件中继服务器的访问仅在双方事先约定的情况下才有用(因此,提供商是客户域MX记录的目标,因此具有邮件到中继),因此提供商限制对随需应变邮件中继端口的访问可能有用。例如,ODMR服务器可以是
configurable, or a TCP wrapper or firewall could be used, to block access to port 366 except within the provider's network. This might be useful when the provider is the customer's ISP. Use of such mechanisms does not reduce the need for the AUTH command, however, but can increase the security it provides.
可配置,或者可以使用TCP包装器或防火墙来阻止对端口366的访问,提供商网络内除外。当提供商是客户的ISP时,这可能很有用。然而,使用这种机制并不能减少对AUTH命令的需要,但可以提高它提供的安全性。
Use of SASL in the AUTH command allows for substitution of more secure authentication mechanisms in the future.
在AUTH命令中使用SASL允许将来替换更安全的身份验证机制。
See sections 5.1.2 and 5.2.1 for additional security details.
更多安全细节见第5.1.2节和第5.2.1节。
This memo has been developed in part based on comments and discussions which took place on and off the IETF-disconn-smtp mailing list. Special thanks to Chris Newman and Ned Freed for their comments.
本备忘录部分基于IETF DISCON smtp邮件列表内外的评论和讨论。特别感谢Chris Newman和Ned Freed的评论。
[ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997.
[ABNF]Crocker,D.和P.Overell,“语法规范的扩充BNF:ABNF”,RFC 2234,1997年11月。
[AUTH] Myers, J., "SMTP Service Extension for Authentication", RFC 2554, March 1999.
[AUTH]Myers,J.,“用于身份验证的SMTP服务扩展”,RFC2554,1999年3月。
[CRAM] Klensin, J., Catoe, R. and P. Krumviede, "IMAP/POP AUTHorize Extension for Simple Challenge/Response", RFC 2195, September 1997.
[CRAM]Klensin,J.,Catoe,R.和P.Krumviede,“简单挑战/响应的IMAP/POP授权扩展”,RFC 21951997年9月。
[ESMTP] Klensin, J., Freed, N., Rose, M., Stefferud, E. and D. Crocker, "SMTP Service Extensions", RFC 1869, November 1995.
[ESMTP]Klensin,J.,Freed,N.,Rose,M.,Stefferud,E.和D.Crocker,“SMTP服务扩展”,RFC 18691995年11月。
[ETRN] De Winter, J., "SMTP Service Extension for Remote Message Queue Starting", RFC 1985, August 1996.
[ETRN]De Winter,J.,“远程消息队列启动的SMTP服务扩展”,RFC 1985,1996年8月。
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[SASL] Myers, J., "Simple Authentication and Security Layer (SASL)", RFC 2222, October 1997.
[SASL]迈尔斯,J.,“简单认证和安全层(SASL)”,RFC22221997年10月。
[SMTP] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821, August 1982.
[SMTP]Postel,J.,“简单邮件传输协议”,STD 10,RFC 8211982年8月。
Randall Gellens QUALCOMM Incorporated 5775 Morehouse Dr. San Diego, CA 92121-2779 U.S.A.
Randall Gellens高通公司5775 Morehouse Dr.San Diego,CA美国92121-2779。
Phone: +1.619.651.5115
EMail: randy@qualcomm.com
Phone: +1.619.651.5115
EMail: randy@qualcomm.com
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。