ietf
[Top] [All Lists]

Re: SMTP question - a session containing multiple transactions

2012-04-24 07:39:39
Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
On 4/20/2012 9:51 PM, John Levine wrote:

The longer answer is that thirty years ago, in RFC 821 there was a
TURN command which does what you suggest, switches the roles of the
two ends of the SMTP session.  But that turns out to be a giant
security hole, since a bad guy A' could steal mail by connecting to B
while pretending to be A, doing a TURN, and collecting mail intended
for A.  So SMTP servers don't do that any more.

check out ETRN.
   http://en.wikipedia.org/wiki/Extended_SMTP#ETRN

ETRN effectively just triggers a queue run on the server (B) for messages
destined for the client (A); the deliveries are done using new connections
in the same way as if the queue run had been automatically triggered.

There is also the ATRN (authenticated turn) command used by ODMR
(on-demand mail relay, RFC 2645) which is an ESMTP variant run on a
different port. The main difference between TURN and ATRN is that ATRN
requires a preceding AUTH command which the server uses to determine which
domains the client may request mail for. Unlike ETRN, ATRN uses the same
connection in the reverse direction for mail delivery.

Tony.
-- 
f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
Shannon: Northwesterly 5 or 6, backing southwesterly 4 or 5, backing easterly
or northeasterly 5 to 7, occasionally gale 8 in south later. Rough or very
rough, becoming moderate or rough. Rain or showers. Moderate or good.