Transcript for:
Notes on SMTP Conversation and ESA Pipeline

Welcome, my name is Katherine P. Let's talk about the SMTP conversation and the ESA pipeline. SMTP stands for Simple Mail Transfer Protocol. Let's go through a glossary of some terminology we will see in this recording.

One of the terms we will talk about during this recording, and all the recordings for this class, is MTA, which is mail transfer agent. The ESA is a mail transfer agent, so it's a box that receives email and sends out email. Groupware server is another expression we'll see on topologies during this video; think about your Microsoft Exchange Server, so it's your corporate email server. SMTP server: well, that would be an Exchange server, but in a sense it would be any box that is able to receive an incoming connection for the purpose of email on its port, usually 25. So the ESA is a mail server, Exchange is an email server, because they are listening on port 25. SMTP client: that would be the client we're using to open up a session on an SMTP server, so you can think of, let's say, Outlook. Outlook is a mail user agent, but it is also an SMTP client if it is sending email using port 25. So anything that points to a server, where the server is on port 25, is an SMTP client. A mail user agent like Outlook might be sending email out on port 25, or maybe some other special ports that you might be using, but the mail user agent would be more the graphical user interface: it could be Thunderbird, it could also be Outlook, which is using a graphical user interface to send out mail. MX record: an MX record is a record located on the DNS server that will say what is the name of the mail transfer agent for that organization. So let's say that my mail server here sees an email, and the email is addressed to guy@cisco.com. Well, your Exchange Server that is here needs to find out what is the MX record for the domain cisco.com, and the answer that comes back might be: well, the mail transfer agent for cisco.com happens to be mail.cisco.com. So what the MX record is: when we query a DNS server to find out what's the mail transfer agent for a specific domain, the DNS server will reply with the host name of the mail transfer agent for that organization, which means that the outbound MTA will then need to say, okay, what is the address associated with mail.cisco.com. Querying for the address associated with this domain name, this is called an A record. An A record is what we query for when we are doing an nslookup.

So let's look at the different stages of an email delivery. You have a user over here, and this user is at SecureX public, and he sends out an email, and the email that he's sending is addressed to admin@cisco.com. So he takes his email and he sends it to his MTA, mail transfer agent; his MTA might be maybe an Exchange box on his network. So the Exchange box, or the MTA, receives an email and sees that the email is addressed to admin@cisco.com. That MTA will then extract the domain, which is cisco.com, and will perform its first query, and the first query that it's going to perform will be for the MX record. It's going to perform a query to the DNS server and say: DNS server, what is the host name of the mail transfer agent responsible for cisco.com? And the DNS server will then reply: the mail transfer agent host name for Cisco is mx.cisco.com. Your Exchange Server that is here will perform a second DNS request, and this time it will be for the A record, and that's a normal nslookup request, and it's going to say what is the address associated with mx.cisco.com, and it will then receive the IP address. Once your Exchange server has the IP address, it will then be able to proceed with the SMTP connection. It will go to the Cisco ESA, because in the DNS record we had published that for the organization cisco.com their mail transfer agent was the address over here, .159. So .159 receives the incoming TCP three-way handshake request coming from the mail server of SecureX. Your ESA will put that email through all the hoops, eventually will accept the email, process it, and send it to your internal mail server, which will then deliver it to the recipient.

So we have here the actual SMTP conversation, Simple Mail Transfer Protocol, and we'll see over here what's happening during this conversation. We have our Exchange server at SecureX that is trying to connect with our ESA over here. There are four stages, as we can see here. We'll do the TCP handshake; during the three-way handshake (we will see that later on in a recording) the ESA right away will have a chance to see who is trying to establish a TCP connection on my ESA on its port 25. So it's coming in on TCP port 25, and the ESA will decide: is this a reputable source or not? Let's say in this case this is a good, reputable source. Following the three-way handshake, which takes place at layer four of the OSI model, we will then go into the application, so we're looking more at layer seven of the OSI model over here. There are three parts to receiving an email: the envelope, the header, and the body. With the envelope, we are simply introducing the two MTAs to each other. So we have here a code 220 after the three-way handshake. A 200 means it's all good, a 300 means I need more information or I'm waiting for something, and a 500 is an error. So in this case we see here that the Cisco server sends back a 220; 220 means that the service is ready. So the sending MTA will send its host name, followed by Cisco's confirmation, so a 550 is action okay and completed: I hear you, I got your host name, I agree with it. And then we are starting to say who is sending the email and to whom. So we have the MAIL FROM, who is the name of the sender of that email, followed by 250, which is okay, completed, move on. So again, the 250 means that my Cisco server says yeah, I agree with who is sending that email. So we are saying okay, I see who is sending it, followed by the recipient. So the recipient: this email is addressed to admin@cisco.com, and my mail server says yeah, I agree that I can get an email, I will accept an email going to admin@cisco.com. And then the DATA starts. The data is the actual email per se. The email has two portions. You know when you open your email in Outlook or in Gmail and at the top you see who it's from, who it's going to, and the subject? Well, what you're looking at is the header. As a user we don't really see the envelope, unless, like in Gmail, you can go and say show me the whole message, and then you'll see the message in all the detail. So typically we don't get to see the envelope; what we see is the header, and the header will have who it is from, who it is going to, the subject, and the date. Other stuff that we can see in the header would be what we call the X-headers; more on this coming up. But every time your Cisco ESA takes an action on an email, let's say it went through an antivirus, well, you can have your Cisco ESA add an entry saying that this email was seen by antivirus. Now the user will not see that when they look in Outlook, but the advantage of adding an extended header is that we will be able to do a search on a specific email and say, hey ESA, show me all the email that you processed through antivirus between 9 and 10 p.m.

And finally we have the actual body of the email, and according to RFC 822, the body of the email will be finished when we have a dot on a single line, in which case the receiving end will say 250; we know by now that 250 means action okay and completed. The sending server will say QUIT, or could decide to send more email, but let's say that's the only one that SecureX has to send, so SecureX says QUIT, and the Cisco server will reply with a 221, and 221 means service closing.

So what we're looking at here is what we call the email pipeline. The email pipeline is all the hoops that your email will have to go through between the time you're receiving the email and the time you're delivering it to the corporate Exchange Server. The three big ideas here that we have to think about are that your ESA is listening on port 25, so it's acting as an SMTP server; it will then be processing that email to clean it, to make sure there's no spam in it; and finally, if the email is good, it will then go and deliver it using its SMTP client. The pipeline we're looking at here, that's the literal pipeline. If you read the ESA user guide, this is the one you're going to see over here; it's organized in a little more user-friendly way, where some aspects have been regrouped together. This particular pipeline is the pipeline I will be using in most videos to explain to you which process we will be focusing on in that specific recording. This is another way of presenting the pipeline that I will be using during these recordings, where we see more specifically the hoops that the email will go through, but also what those hoops are targeting. So if I give you an example: what is graymail? Well, graymail is targeting marketing mail, and it's also trying to protect us against phishing. So again, this particular flowchart, I will be using it during the next recordings, and it will tell you what we are specifically focusing on in that specific recording.

So thank you very much for attending this recording, where we reviewed the SMTP conversation and we also introduced the concept of the ESA pipeline.
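Added example, not part of the recording or of any Cisco software: a Python simulation of the delivery flow the recording walks through. A constructed DNS table stands in for the two-step lookup (MX record, then the A record of the MX host), and a minimal receiving-MTA state machine plays the ESA's SMTP-server role, driven by a scripted sending MTA so that both sides' lines of the 220 / 250 / 354 / 250 / 221 exchange are visible. It goes a little beyond the recording in three ways a practitioner would want to see: it enforces command ordering (503 for MAIL before HELO, RCPT before MAIL, DATA before RCPT), it refuses to relay for domains it does not host (550), and it applies the dot-stuffing rule for body lines that begin with a period. The zone data, host names, addresses (192.0.2.0/24 is a documentation range), the X-Example-Scanned header, and the sample message are all made up for this example.

```python
import re

# Constructed DNS data (assumed records, not real ones): MX first, then the A record of the MX host.
ZONE = {
    ("cisco.com", "MX"): ["mx.cisco.com"],
    ("mx.cisco.com", "A"): ["192.0.2.25"],  # 192.0.2.0/24 is a documentation range
}

def resolve_mta(recipient):
    """Return (mta_hostname, ip) for a recipient; KeyError if a record is missing."""
    domain = recipient.rsplit("@", 1)[1].lower()
    host = ZONE[(domain, "MX")][0]
    return host, ZONE[(host, "A")][0]

def _angle_addr(keyword, arg):
    """Address inside 'FROM:<...>' / 'TO:<...>', or None if the argument is malformed."""
    m = re.fullmatch(rf"{keyword}:<([^>]*)>", arg, re.I)
    return m.group(1) if m else None

class ReceivingMTA:
    def __init__(self, hostname, accepted_domains):
        self.hostname = hostname
        self.accepted_domains = {d.lower() for d in accepted_domains}
        self.state = "connected"  # connected -> ready -> mail -> rcpt -> data
        self.helo = self.mail_from = self.data_lines = None
        self.rcpt_to, self.delivered = [], []  # envelope recipients; accepted messages

    def greet(self):
        return f"220 {self.hostname} ESMTP service ready"

    def handle(self, line):
        """Process one client line; return the reply, or None for message lines."""
        if self.state == "data":
            if line == ".":  # a lone dot on its own line ends the message
                self._accept_message()
                self.state = "ready"
                return "250 OK: message accepted"
            # Transparency: the sender doubles a leading dot, the receiver strips one.
            self.data_lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo, self.mail_from, self.rcpt_to, self.state = arg, None, [], "ready"
            return f"250 {self.hostname}"
        if verb == "MAIL":
            if self.state != "ready":
                return "503 Bad sequence of commands"
            if (addr := _angle_addr("FROM", arg)) is None:
                return "501 Syntax error in parameters"
            self.mail_from, self.state = addr, "mail"
            return "250 OK"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 Need MAIL command"
            if (addr := _angle_addr("TO", arg)) is None:
                return "501 Syntax error in parameters"
            # Accept only domains this MTA hosts; relaying for anyone else = open relay.
            if addr.rsplit("@", 1)[-1].lower() not in self.accepted_domains:
                return "550 Relaying denied"
            self.rcpt_to.append(addr)
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 Need RCPT command"
            self.data_lines, self.state = [], "data"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            self.state = "closed"
            return f"221 {self.hostname} Service closing transmission channel"
        return "500 Command unrecognized"

    def _accept_message(self):
        # Header and body are separated by the first blank line; stamp a hypothetical X- header.
        lines = self.data_lines
        split = lines.index("") if "" in lines else len(lines)
        headers, body = lines[:split], lines[split + 1:]
        headers.insert(0, f"X-Example-Scanned: antivirus; helo={self.helo}")  # hypothetical name
        self.delivered.append({"envelope": {"mail_from": self.mail_from, "rcpt_to": list(self.rcpt_to)},
                               "headers": headers, "body": body})
        self.mail_from, self.rcpt_to, self.data_lines = None, [], None

def run_session(server, client_lines):
    # Drive a scripted sending MTA against the server; return [(side, line), ...].
    transcript = [("S", server.greet())]
    for line in client_lines:
        transcript.append(("C", line))
        if (reply := server.handle(line)) is not None:
            transcript.append(("S", reply))
    return transcript

def deliver_example():
    """The recording's scenario: a user at SecureX sends to admin@cisco.com."""
    host, ip = resolve_mta("admin@cisco.com")
    esa = ReceivingMTA(host, accepted_domains=["cisco.com"])
    client = [  # constructed sample session, as the sending MTA would send it
        "HELO mail.securex.example", "MAIL FROM:<user@securex.example>", "RCPT TO:<admin@cisco.com>",
        "DATA", "From: user@securex.example", "To: admin@cisco.com", "Subject: hello", "",
        "Line one of the body.", "..stuffed: this body line really starts with a dot", ".", "QUIT",
    ]
    return host, ip, run_session(esa, client), esa.delivered
```

Running `deliver_example()` returns the resolved MX host and address, the full two-sided transcript, and the accepted message split into envelope (MAIL FROM / RCPT TO, which the end user never sees), headers (what Outlook or Gmail shows, plus the added X- header), and body. Note that the envelope sender and the `From:` header are stored separately: nothing in the protocol forces them to agree, which is why the ESA's checks operate on both.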