(Latest revision 12/29/2000)
Understanding How Computers Transmit E-Mail
CS 3000 -- Lab Assignment #3
This is a lab on how to send mail by connecting directly to the
mail transmission port (sendmail port) on a Unix host.
Generally, software that transports mail uses a client/server
protocol. This lab will familiarize you with such a protocol
-- the one used by the sendmail program. You will also find out
that it can be easy to pretend you are somebody else when you
send e-mail.
Try the steps illustrated below, except send the mail to
yourself at some host, not to me at ishi. (You may not be able
to see the log entries because of the way things are set up on
your Sun Ultras. However, do try it!)
Step One. Send mail with the ordinary "mail" command, but
using the -v option. This causes verbose output, revealing the
nature of the interaction between the sendmail process running
on the sending host (the client) and the sendmail process
running on the receiving host (the server). The following
example illustrates how to send the mail with the -v option:
--------------------------- start one ---------------------------
john@regulus: mail -v john@ishi.csustan.edu
Subject: Test
Cc:
This is a test.
.
EOT
john@regulus: john@ishi.csustan.edu... Connecting to ishi.csustan.edu. via esmtp...
220 ishi.csustan.edu Sendmail NX5.67d/NX3.0M ready at Tue, 23 Feb 99 20:05:40 -0800
>>> EHLO regulus.csustan.edu
500 Command unrecognized
>>> HELO regulus.csustan.edu
250 ishi.csustan.edu Hello regulus.csustan.edu, pleased to meet you
>>> MAIL From:<john@regulus.csustan.edu>
250 <john@regulus.csustan.edu>... Sender ok
>>> RCPT To:<john@ishi.csustan.edu>
250 <john@ishi.csustan.edu>... Recipient ok
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 Ok
john@ishi.csustan.edu... Sent (Ok)
Closing connection to ishi.csustan.edu.
>>> QUIT
221 ishi.csustan.edu closing connection
--------------------------- stop one ---------------------------
(You may need to press the enter key now to get your prompt back
from the shell.)
Step Two. Telnet to port 25 on the receiving host and
use the same protocol to send a message "by hand." Note that
you may be able to "get away" with saying the mail is from
someone else. Try it! It's OK if you are sending the mail to
yourself!
--------------------------- start two ---------------------------
john@regulus: telnet ishi.csustan.edu 25
Trying 130.17.1.71...
Connected to ishi.csustan.edu.
Escape character is '^]'.
220 ishi.csustan.edu Sendmail NX5.67d/NX3.0M ready at Tue, 23 Feb 99 19:57:44 -0800
HELO foobar.yech.com
250 ishi.csustan.edu Hello foobar.yech.com (regulus.csustan.edu), pleased to meet you
MAIL From:<mmouse@disney.com>
250 <mmouse@disney.com>... Sender ok
RCPT To:<john@ishi.csustan.edu>
250 <john@ishi.csustan.edu>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: This is a bogus message
Hi John,
Rocky says that Bullwinkle is a dope.
-- Mickey
.
250 Ok
QUIT
221 ishi.csustan.edu closing connection
Connection closed by foreign host.
--------------------------- stop two ---------------------------
Step Three. Read the e-mail message you sent yourself
when you did step two. How much does the message reveal about
the true identity or location of the sender? When an e-mail
message is transmitted, some information about the sender goes
into the message header and some information goes into one or
more log files on the receiving host. The exact nature of the
information varies with the software and the way that it is
configured. Generally speaking, it's not too hard to send mail
that appears to come from someone else.
--------------------------- start three ---------------------------
Message 54:
From mmouse@disney.com Tue Feb 23 19:59:42 1999
Return-Path: <mmouse@disney.com>
Received: from regulus.csustan.edu by ishi.csustan.edu (NX5.67d/NX3.0M)
id AA11793; Tue, 23 Feb 99 19:58:14 -0800
Date: Tue, 23 Feb 99 19:58:14 -0800
From: <mmouse@disney.com>
Message-Id: <9902240358.AA11793@ishi.csustan.edu>
Subject: This is a bogus message
Apparently-To: <john@ishi.csustan.edu>
Status: R
Hi John,
Rocky says that Bullwinkle is a dope.
-- Mickey
--------------------------- stop three ---------------------------
Step Four. Check the log entry the receiving host made in
/var/log/syslog. (In the example, ishi is the receiving host.)
You obtain the log entry by doing "tail /var/log/syslog" on a Sun
Ultra. The location of such log files varies from Unix system to
Unix system (on NeXTs like ishi the file is
/usr/spool/mqueue/syslog). Depending on how file permissions are
set, ordinary users may not be allowed to access log files. In
any case, the log entries here do not record who actually sent
the message:
--------------------------- start four ---------------------------
Feb 23 19:59:41 ishi sendmail[11793]: AA11793: message-id=<9902240358.AA11793@ishi.csustan.edu>
Feb 23 19:59:41 ishi sendmail[11793]: AA11793: from=<mmouse@disney.com>, size=92, class=0, received from regulus.csustan.edu (130.17.1.59)
Feb 23 19:59:42 ishi sendmail[11795]: AA11793: to=<john@ishi.csustan.edu>, delay=00:01:28, stat=Sent
--------------------------- stop four ---------------------------
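The following is an added example, not part of the original lab. It joins the Step Three header and the Step Four log entries on the queue ID, separating the sender address the client typed from the connecting host and IP the receiving server recorded itself. The function names and the domain-comparison heuristic are assumptions made for illustration.

```python
import re

# Sample data from Steps Three and Four of this lab (folding whitespace restored).
HEADERS = """\
Return-Path: <mmouse@disney.com>
Received: from regulus.csustan.edu by ishi.csustan.edu (NX5.67d/NX3.0M)
\tid AA11793; Tue, 23 Feb 99 19:58:14 -0800
From: <mmouse@disney.com>
"""
SYSLOG = """\
Feb 23 19:59:41 ishi sendmail[11793]: AA11793: from=<mmouse@disney.com>, size=92, class=0, received from regulus.csustan.edu (130.17.1.59)
Feb 23 19:59:42 ishi sendmail[11795]: AA11793: to=<john@ishi.csustan.edu>, delay=00:01:28, stat=Sent
"""

def parse_headers(text):
    """Return the client-claimed sender and the server-recorded relay and queue id."""
    unfolded = re.sub(r"\n[ \t]+", " ", text)  # join folded header lines
    fields = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields.setdefault(name.strip().lower(), value.strip())
    rcvd = re.search(r"from (\S+) by \S+.*?\bid (\w+);", fields.get("received", ""))
    return {"claimed": fields.get("return-path", "").strip("<>"),
            "relay": rcvd.group(1) if rcvd else None,
            "queue_id": rcvd.group(2) if rcvd else None}

def parse_syslog(text):
    """Group sendmail log lines by queue id, keeping sender, relay host and IP."""
    entries = {}
    for line in text.splitlines():
        m = re.search(r"sendmail\[\d+\]: (\w+): (.*)", line)
        if not m:
            continue
        rec = entries.setdefault(m.group(1), {})
        frm = re.search(r"from=<([^>]*)>.*received from (\S+) \(([\d.]+)\)", m.group(2))
        if frm:
            rec.update(sender=frm.group(1), relay=frm.group(2), ip=frm.group(3))
    return entries

def correlate(headers, syslog):
    """Join header and log on the queue id; flag a sender domain unrelated to the relay."""
    h = parse_headers(headers)
    log = parse_syslog(syslog).get(h["queue_id"], {})
    domain = h["claimed"].rpartition("@")[2].lower()
    relay = (log.get("relay") or h["relay"] or "").lower()
    mismatch = not (relay == domain or relay.endswith("." + domain))
    return {"queue_id": h["queue_id"], "claimed_sender": h["claimed"],
            "relay": relay, "relay_ip": log.get("ip"), "mismatch": mismatch}

if __name__ == "__main__":
    print(correlate(HEADERS, SYSLOG))
```

A mismatch is only a cue for review, since legitimately forwarded or relayed mail also arrives from hosts outside the sender's domain.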
Food for thought: Is it possible to send the mail from
regulus to ishi, but hide the fact from ishi that the mail came
from regulus? Explain how you might be able to do this.