RFC 1985 (rfc1985) - Page 2 of 7


SMTP Service Extension for Remote Message Queue Starting






RFC 1985             SMTP Service Extension - ETRN           August 1996


2.  Framework for the ETRN Extension

   The following service extension is therefore defined:

   (1) the name of the SMTP service extension is "Remote Queue
   Processing Declaration";

   (2) the EHLO keyword value associated with this extension is "ETRN",
   with no associated parameters;

   (3) one additional verb, ETRN, with a single parameter that
   specifies the name of the client(s) to start processing for;

   (4) no additional SMTP verbs are defined by this extension.

   The remainder of this memo specifies how support for the extension
   affects the behavior of an SMTP client and server.

3.  The Remote Queue Processing Declaration service extension

   To save money, many small companies want to only maintain transient
   connections to their service providers.  In addition, there are some
   situations where the client sites depend on their mail arriving
   quickly, so forcing the queues on the server belonging to their
   service provider may be more desirable than waiting for the retry
   timeout to occur.

   Both of these situations could currently be fixed using the TURN
   command defined in [1], if it were not for a large security loophole
   in the TURN command.  As it stands, the TURN command will reverse the
   direction of the SMTP connection and assume that the remote host is
   being honest about what its name is.  The security loophole is that
   there is no documented stipulation for checking the authenticity of
   the remote host name, as given in the HELO or EHLO command.  As such,
   most SMTP and ESMTP implementations do not implement the TURN command
   to avoid this security loophole.

   This has been addressed in the design of the ETRN command.  This
   extended turn command was written with the points in the first
   paragraph in mind, yet paying attention to the problems that
   currently exist with the TURN command.  The security loophole is
   avoided by asking the server to start a new connection aimed at the
   specified client.
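
   The difference between the two commands can be shown with a small
   model of where queued mail ends up. This is an added example, not
   part of RFC 1985; the function names, hosts, addresses, queue and
   DNS table are all constructed for illustration.

```python
# Added illustration, not part of RFC 1985. Hosts, addresses, the queue and
# the DNS table are constructed sample data (documentation address ranges).
QUEUE = {"client.example": ["msg-1", "msg-2"]}   # domain -> queued mail
DNS = {"client.example": "192.0.2.10"}           # server's own lookup results


def run_session(peer_ip, lines, queue, dns, allow_turn=False):
    """Process SMTP command lines from one peer; return (dest_ip, msg) pairs."""
    claimed = None          # name from HELO/EHLO, never verified
    sent = []
    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().lower()
        if verb in ("HELO", "EHLO"):
            claimed = arg
        elif verb == "TURN" and allow_turn:
            # TURN reverses this connection: mail queued for the claimed
            # name goes to whoever is connected, whatever their address.
            sent += [(peer_ip, m) for m in queue.get(claimed, [])]
        elif verb == "ETRN" and arg:
            # ETRN starts a new outbound connection aimed at the node;
            # the destination comes from the server's lookup, not the peer.
            target = dns.get(arg)
            if target is not None:
                sent += [(target, m) for m in queue.get(arg, [])]
    return sent


def received_by(ip, sent):
    """Messages that ended up at a given address."""
    return [m for dest, m in sent if dest == ip]


IMPOSTOR = "203.0.113.66"   # constructed peer that claims to be client.example
TURN_RUN = run_session(IMPOSTOR, ["HELO client.example", "TURN"], QUEUE, DNS,
                       allow_turn=True)
ETRN_RUN = run_session(IMPOSTOR, ["EHLO client.example", "ETRN client.example"],
                       QUEUE, DNS)

if __name__ == "__main__":
    print("TURN -> impostor :", received_by(IMPOSTOR, TURN_RUN))
    print("ETRN -> impostor :", received_by(IMPOSTOR, ETRN_RUN))
    print("ETRN -> real host:", received_by(DNS["client.example"], ETRN_RUN))
```

   In this model the ETRN result is only as trustworthy as the
   server's own name resolution for the requested node.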

   In this manner, the server has a lot more certainty that it is
   talking to the correct SMTP client.  This mechanism can just be seen
   as a more immediate version of the retry queues that appear in most
   SMTP implementations.  In addition, as this command will take a



De Winter                   Standards Track