
Notes on SMTP Conversation and ESA Pipeline

Jul 10, 2024

SMTP Conversation and ESA Pipeline

Introduction

  • Presenter: Katherine P.
  • Topics Covered: SMTP conversation, ESA pipeline

Definitions and Terminology

SMTP (Simple Mail Transfer Protocol)

  • Protocol for sending email.

Key Terms

  1. MTA (Mail Transfer Agent)

    • Receives and sends emails.
    • Example: Cisco ESA box.
  2. Groupware Server

    • Corporate email server (e.g., Microsoft Exchange Server).
  3. SMTP Server

    • Any server that can receive an incoming connection for email on port 25.
    • Exchange and ESA are SMTP servers.
  4. SMTP Client

    • Opens a session on an SMTP server, usually on port 25.
    • Examples: Outlook (also a Mail User Agent), Thunderbird.
  5. Mail User Agent (MUA)

    • Interface used by clients to send/receive emails (e.g., Outlook, Thunderbird).
  6. MX Record

    • DNS record specifying the mail transfer agent for a domain.
    • Example: mx.cisco.com
  7. A Record

    • DNS record used to find the IP address of the host named in an MX record.

Stages of Email Delivery

  1. User sends Email

  2. First Query by Exchange Box/MTA

    • Extract domain (e.g., cisco.com).
    • Perform DNS query for MX record.
  3. Receive MX Record

    • DNS server replies with mail transfer agent's hostname (e.g., mx.cisco.com).
  4. Second Query (A Record)

    • Perform a normal DNS lookup (nslookup) for the mail server's IP address.
  5. Proceed with SMTP Connection

    • Establish connection once IP is known.
    • Perform TCP three-way handshake.
    • ESA processes incoming TCP requests.
    • Accept email, process, and forward to internal mail server.

SMTP Conversation

  • Exchange server at securex tries to connect with ESA.
  • Stages:
    1. TCP Handshake (Layer 4 of OSI model)
    2. Application Layer Activity (Layer 7 of OSI model)

Parts of Email

  1. Envelope

    • Introduces MTAs.
  2. Header

    • Who sent it, who receives it, subject.
  3. Body

    • Main content of the email.

SMTP Connection Codes

  • 220: Service ready.
  • 250: Action ok and completed.
  • 300: Waiting for more information.
  • 500: Error.
  • 221: Service closing.
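
The parts of an email and the reply codes above, shown together in one session. This is an added example, not material from the presentation: it parses a constructed SMTP transcript into reply codes, envelope, header and body. All hostnames and addresses are made up, and the 354 reply is the specific code in the "300" class that the server sends after DATA.

```python
import re

# Constructed sample session (not captured traffic). "S:" = SMTP server (the ESA), "C:" = SMTP client.
TRANSCRIPT = """\
S: 220 esa.example.com ESMTP
C: HELO exchange.example.org
S: 250 esa.example.com
C: MAIL FROM:<alice@example.org>
S: 250 sender ok
C: RCPT TO:<bob@example.com>
S: 250 recipient ok
C: DATA
S: 354 go ahead
C: From: Alice <alice@example.org>
C: Subject: Quarterly report
C:
C: Hello Bob, the report is ready.
C: .
S: 250 ok: message queued
C: QUIT
S: 221 esa.example.com closing
"""

def parse_session(transcript):
    """Split an SMTP session into reply codes, envelope, header and body."""
    msg = {"codes": [], "mail_from": None, "rcpt_to": [], "header": {}, "body": []}
    in_data = in_body = False
    for line in transcript.splitlines():
        side, _, text = line.partition(":")
        text = text.strip()
        if side == "S":                       # server reply: 3-digit code first
            code = int(text[:3])
            msg["codes"].append(code)
            in_data = in_data or code == 354  # server now waits for header + body
        elif in_data:                         # client is sending message content
            if text == ".":                   # a lone dot ends the DATA stage
                in_data = False
            elif in_body:
                msg["body"].append(text)
            elif text == "":                  # first blank line ends the header
                in_body = True
            else:
                name, _, value = text.partition(":")
                msg["header"][name.lower()] = value.strip()
        elif text.upper().startswith("MAIL FROM:"):   # envelope sender
            msg["mail_from"] = re.search(r"<(.*)>", text).group(1)
        elif text.upper().startswith("RCPT TO:"):     # envelope recipient
            msg["rcpt_to"].append(re.search(r"<(.*)>", text).group(1))
    return msg
```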

ESA Pipeline

  • ESA listens on port 25, acting as an SMTP server.
  • Process aims to clean email from spam and other threats.
  • Successfully processed emails are delivered using the ESA SMTP client.

Flowcharts and Diagrams

  • Various flowcharts used to illustrate the process.
  • Examples: Pipeline flowchart targeting specific issues like grey mail, anti-phishing.

Conclusion

  • Overview of SMTP conversation and ESA pipeline.
  • Introduction to terms and stages of email processing.