RFC 1985 (rfc1985) - Page 2 of 7
SMTP Service Extension for Remote Message Queue Starting
Alternative Format: Original Text Document
RFC 1985 SMTP Service Extension - ETRN August 1996
2. Framework for the ETRN Extension
The following service extension is therefore defined:
(1) the name of the SMTP service extension is "Remote Queue
Processing Declaration";
(2) the EHLO keyword value associated with this extension is "ETRN",
with no associated parameters;
(3) one additional verb, ETRN, with a single parameter that
specifies the name of the client(s) to start processing for;
(4) no additional SMTP verbs are defined by this extension.
The remainder of this memo specifies how support for the extension
affects the behavior of an SMTP client and server.
3. The Remote Queue Processing Declaration service extension
To save money, many small companies want to only maintain transient
connections to their service providers. In addition, there are some
situations where the client sites depend on their mail arriving
quickly, so forcing the queues on the server belonging to their
service provider may be more desirable than waiting for the retry
timeout to occur.
Both of these situations could currently be fixed using the TURN
command defined in [1], if it were not for a large security loophole
in the TURN command. As it stands, the TURN command will reverse the
direction of the SMTP connection and assume that the remote host is
being honest about what its name is. The security loophole is that
there is no documented stipulation for checking the authenticity of
the remote host name, as given in the HELO or EHLO command. As such,
most SMTP and ESMTP implementations do not implement the TURN command
to avoid this security loophole.
This has been addressed in the design of the ETRN command. This
extended turn command was written with the points in the first
paragraph in mind, yet paying attention to the problems that
currently exist with the TURN command. The security loophole is
avoided by asking the server to start a new connection aimed at the
specified client.
In this manner, the server has a lot more certainty that it is
talking to the correct SMTP client. This mechanism can just be seen
as a more immediate version of the retry queues that appear in most
SMTP implementations. In addition, as this command will take a
De Winter Standards Track