Network Working Group                                         R. Gellens
Request for Comments: 4146                                      QUALCOMM
Category: Informational                                      August 2005
        
Network Working Group                                         R. Gellens
Request for Comments: 4146                                      QUALCOMM
Category: Informational                                      August 2005
        

Simple New Mail Notification

简单的新邮件通知

Status of This Memo

关于下段备忘

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。

Copyright Notice

版权公告

Copyright (C) The Internet Society (2005).

版权所有(C)互联网协会(2005年)。

Abstract

摘要

This memo documents a long-standing technique, supported by a large number of mail servers, which allows users to be notified of new mail. In addition to server support, there are a number of clients that support this, ranging from full email clients to specialized clients whose only purpose is to receive new mail notifications and alert a mail client.

此备忘录记录了一项长期存在的技术,该技术由大量邮件服务器支持,允许用户收到新邮件的通知。除服务器支持外,还有许多客户端支持此功能,从完整的电子邮件客户端到专门的客户端,其唯一目的是接收新邮件通知并向邮件客户端发出警报。

In brief, the server sends the string "nm_notifyuser" CRLF to the finger port on the IP address (either configured or last used) of the user who has received new mail.

简言之,服务器将字符串“nm_notifyuser”CRLF发送到接收新邮件的用户的IP地址(已配置或上次使用)上的finger端口。

Table of Contents

目录

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Conventions Used in this Document . . . . . . . . . . . . . . 2
   3.  Simple Mail Notification . . . . . . . . . . . . . . . . . .  2
   4.  Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
   5.  Security Considerations  . . . . . . . . . . . . . . . . . .  3
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
   7.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . .  3
        
   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Conventions Used in this Document . . . . . . . . . . . . . . 2
   3.  Simple Mail Notification . . . . . . . . . . . . . . . . . .  2
   4.  Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
   5.  Security Considerations  . . . . . . . . . . . . . . . . . .  3
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
   7.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . .  3
        
1. Introduction
1. 介绍

There is a long-standing technique supported by a large number of mail servers that allows users to be notified of new mail. In addition to server support, there are a number of clients that support this, ranging from full email clients to specialized clients whose only purpose is to receive new mail notifications and alert a mail client. This technique is sometimes known as "notify mail" (after a shareware client of the same name), "biff", and the "finger hack".

大量邮件服务器支持一种长期存在的技术,允许用户收到新邮件的通知。除服务器支持外,还有许多客户端支持此功能,从完整的电子邮件客户端到专门的客户端,其唯一目的是接收新邮件通知并向邮件客户端发出警报。这种技术有时被称为“通知邮件”(在同名共享软件客户端之后)、“biff”和“手指黑客”。

2. Conventions Used in This Document
2. 本文件中使用的公约

In examples, "C:" indicates lines sent by the client, and "S:" indicates those sent by the server. Line breaks within a command example are for editorial purposes only. Line breaks in the protocol are indicated by "CRLF".

在示例中,“C:”表示客户端发送的行,“S:”表示服务器发送的行。命令示例中的换行符仅用于编辑目的。协议中的换行符用“CRLF”表示。

3. Simple Mail Notification
3. 简单邮件通知

With this technique, the server sends the string "nm_notifyuser" immediately followed by CRLF to the finger port on the IP address for the user who has received new mail. The finger port is 79. Note that only the port for finger is used; the finger protocol itself is not used.

使用这种技术,服务器将字符串“nm_notifyuser”紧接着CRLF发送到接收新邮件的用户的IP地址上的finger端口。手指端口是79。请注意,仅使用finger的端口;未使用finger协议本身。

The IP address to use may be configured, or the server may use the IP address that was last used to check mail by the user. Typically, this is a per-account configuration option.

可以配置要使用的IP地址,或者服务器可以使用用户上次用于检查邮件的IP地址。通常,这是每个帐户的配置选项。

On the client system, a process must be listening to the finger port to be useful. When it receives the "nm_notifyuser" string, it takes a configured action, typically instructing a mail client to fetch mail.

在客户端系统上,进程必须侦听finger端口才能发挥作用。当它收到“nm_notifyuser”字符串时,它将执行一个配置的操作,通常指示邮件客户端提取邮件。

Normally, a TCP connection to the target computer is opened, the "nm_notifyuser" string is sent, and the connection is closed without waiting for a response.

通常,与目标计算机的TCP连接打开,发送“nm_notifyuser”字符串,连接关闭而不等待响应。

In some cases, UDP is used instead of TCP, but the default and general practice is TCP. Even though only a single message in one direction is sent (with no reply), TCP is used most often, probably for reliability.

在某些情况下,使用UDP代替TCP,但默认和一般做法是TCP。即使只向一个方向发送一条消息(没有回复),TCP也是最常用的,可能是为了可靠性。

There is an assumption that the client listening on an IP address only has responsibility for one email account. If a client can check multiple accounts and receives the "nm_notifyuser" string, it does not know which account received the mail.

假设在IP地址上侦听的客户端只负责一个电子邮件帐户。如果客户端可以检查多个帐户并收到“nm_notifyuser”字符串,则它不知道哪个帐户收到了邮件。

There is a requirement that a finger daemon not be active on the client.

要求finger守护进程在客户端上不处于活动状态。

4. Example
4. 实例

This example assumes that new mail has arrived at the server mail.isp.example.com for account fastness@example.net. The server has determined an IP address to which notification should be sent.

此示例假定新邮件已到达服务器mail.isp.example.com以进行帐户fastness@example.net. 服务器已确定通知应发送到的IP地址。

      C: <listens on TCP port 79>
      S: <opens TCP connection to IP address port 79>
      C: <accepts inbound connection on port 79>
      S: nm_notifyuserCRLF
      S: <closes TCP connection>
        
      C: <listens on TCP port 79>
      S: <opens TCP connection to IP address port 79>
      C: <accepts inbound connection on port 79>
      S: nm_notifyuserCRLF
      S: <closes TCP connection>
        
5. Security Considerations
5. 安全考虑

There is no assurance that the "nm_notifyuser" message is being sent to the correct IP address. Nor does the listening agent on the client system have any assurance that an "nm_notifyuser" string was sent by a mail server that has received new mail for the user.

无法保证“nm_notifyuser”消息被发送到正确的IP地址。客户端系统上的侦听代理也不能保证“nm_notifyuser”字符串是由接收到用户新邮件的邮件服务器发送的。

It is trivial for an attacker to send large numbers of "nm_notifyuser" messages to a targeted system. Client systems that are listening for this message SHOULD implement protections against being flooded with notifications. Many server systems already implement protections against users logging in and checking mail too frequently.

攻击者向目标系统发送大量“nm_notifyuser”消息是很平常的。正在侦听此消息的客户端系统应实现防止通知泛滥的保护。许多服务器系统已经实施了保护措施,防止用户过于频繁地登录和检查邮件。

Because use of this protocol requires that a port be open with an agent listening on it, if that agent contains vulnerabilities, it may create a remotely exploitable attack (for example, buffer overflows that permit an attacker to execute arbitrary code on the client system with the permissions of the agent). As usual, with a process listening on a port, the process should execute with the least possible privilege level and access.

由于使用此协议需要打开端口并有代理在其上侦听,因此如果该代理包含漏洞,则可能会创建可远程利用的攻击(例如,缓冲区溢出,允许攻击者使用代理的权限在客户端系统上执行任意代码)。通常,当进程侦听端口时,该进程应以尽可能低的权限级别和访问权限执行。

6. IANA Considerations
6. IANA考虑

The notify mail hack (and this document) should be included as an additional usage for port 79.

notify mail hack(以及本文档)应作为端口79的附加用法包括在内。

7. Acknowledgments
7. 致谢

The NotifyMail shareware utility was written by Scott Gruby.

NotifyMail共享软件实用程序由Scott Gruby编写。

Author's Address

作者地址

Randall Gellens QUALCOMM Incorporated 6455 Lusk Blvd. San Diego, CA 92121-2779 USA EMail: randy@qualcomm.com

Randall Gellens高通公司卢斯克大道6455号。加利福尼亚州圣地亚哥92121-2779美国电子邮件:randy@qualcomm.com

Full Copyright Statement

完整版权声明

Copyright (C) The Internet Society (2005).

版权所有(C)互联网协会(2005年)。

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。

Intellectual Property

知识产权

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.

Acknowledgement

确认

Funding for the RFC Editor function is currently provided by the Internet Society.

RFC编辑功能的资金目前由互联网协会提供。