Post Office Protocol

Sniffing

In Hack Proofing Your Network (Second Edition), 2002

Monitoring POP (Port 110)

The Post Office Protocol (POP) service is a network server by which client-based e-mail programs connect to access a user's e-mail on a central server. POP servers appear commonly on an Internet service provider's (ISP's) network, to provide e-mail delivery to customers. POP traffic is often not encrypted, sending authentication information in plaintext. Username and password information is specified to the remote server via the USER and PASS commands. An example of the protocol is as follows:

[~] % telnet localhost 110

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

+OK POP3 localhost v7.59 server ready

USER oliver

+OK User name accepted, password please

PASS welcome

+OK Mailbox open, 24 messages

Note that extensions to the POP protocol exist, which prevent authentication information from being passed on the network in the clear, in addition to session encryption.
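The check below is an added example, not code from the book: it walks one reassembled port-110 session and reports whether the password crossed the network in the clear, or whether the client first used the APOP digest command (RFC 1939) or the STLS upgrade (RFC 2595). The session lists are constructed samples (the first mirrors the transcript above), and `audit_session`, `verdict` and `redact` are names chosen for this illustration.

```python
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple


@dataclass
class Audit:
    user: Optional[str] = None          # account name seen on the wire
    cleartext_password: bool = False    # PASS observed before any TLS upgrade
    login_accepted: bool = False        # server answered +OK to PASS or APOP
    apop: bool = False                  # digest login: the secret itself is not sent
    tls_upgraded: bool = False          # STLS accepted; the rest is encrypted
    log: List[str] = field(default_factory=list)


def redact(line: str) -> str:
    """Make a client line safe to store: the PASS argument is never kept."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() == "PASS" and arg:
        return verb + " ********"
    return line.strip()


def audit_session(lines: Iterable[Tuple[str, str]]) -> Audit:
    """lines: ('C' or 'S', text) pairs in wire order from one port-110 stream."""
    result, last_verb = Audit(), ""
    for side, text in lines:
        text = text.strip()
        if side == "C":
            verb, _, arg = text.partition(" ")
            last_verb = verb.upper()    # POP3 keywords are case-insensitive
            result.log.append("C: " + redact(text))
            if last_verb == "USER":
                result.user = arg
            elif last_verb == "PASS":
                result.cleartext_password = True
            elif last_verb == "APOP":
                result.apop = True
                result.user = arg.split(" ")[0] or None
            continue
        result.log.append("S: " + text)
        accepted = text.startswith("+OK")
        if last_verb == "STLS" and accepted:
            result.tls_upgraded = True
            break                       # what follows is TLS records, not POP3 text
        if last_verb in ("PASS", "APOP") and accepted:
            result.login_accepted = True
        last_verb = ""                  # later lines of a multi-line reply are data
    return result


def verdict(a: Audit) -> str:
    if a.cleartext_password:
        return "cleartext-password"
    if a.tls_upgraded:
        return "tls-upgraded"
    return "apop-digest" if a.apop else "no-auth-seen"


# Constructed sample sessions (not captured traffic).
PLAIN_SESSION = [("S", "+OK POP3 localhost v7.59 server ready"),
                 ("C", "USER oliver"), ("S", "+OK User name accepted, password please"),
                 ("C", "PASS welcome"), ("S", "+OK Mailbox open, 24 messages")]
STLS_SESSION = [("S", "+OK POP3 server ready"), ("C", "CAPA"), ("S", "+OK"),
                ("S", "STLS"), ("S", "."), ("C", "STLS"), ("S", "+OK Begin TLS")]
APOP_SESSION = [("S", "+OK POP3 server ready <1234.5678@pop.example.test>"),
                ("C", "APOP oliver 0123456789abcdef0123456789abcdef"),
                ("S", "+OK Mailbox open, 24 messages")]

if __name__ == "__main__":
    for name, session in [("plain", PLAIN_SESSION), ("stls", STLS_SESSION),
                          ("apop", APOP_SESSION)]:
        print(name, verdict(audit_session(session)))
```
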

URL:

https://www.sciencedirect.com/science/article/pii/B9781928994701500136

The Open Systems Interconnect Model

Dale Liu, ... Luigi DiGrande, in Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit, 2009

POP

Post Office Protocol is a widely used e-mail application protocol that can be used to retrieve e-mail from an e-mail server for the client application, such as Microsoft Outlook. The current version of POP is POP3.

POP servers set up mailboxes (actually directories or folders) for each e-mail account name. The server receives the mail for a domain and sorts it into these individual folders. Then, a user uses a POP client program (such as Outlook or Eudora) to connect to the POP server and download all the mail in that user's folder to the user's computer. Usually, when the mail messages are transferred to the client machine, they are deleted from the server.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597493062000063

E-mail

Michael Sampson , in Encyclopedia of Information Systems, 2003

IV.C. Post Office Protocol (POP3)

The post office protocol (POP) is the most commonly used message request protocol in the Internet world for transferring messages from an e-mail server to an e-mail client. With POP3, the e-mail client requests new messages from the e-mail server, and the server "pops" all new messages out to the client. The server does not retain a copy of the messages, unless specifically requested to do so by the e-mail client. The only copy of the message is now stored locally on the user's PC, using files on the local hard disk. For example, each folder in Microsoft Outlook Express has an associated MBX file on the hard disk that stores messages contained in the folder.

The current base standard for POP3 is described in RFC1939 Post Office Protocol - Version 3 (http://www.ietf.org/rfc/rfc1939.txt) and RFC2449 POP3 Extension Mechanism (http://www.ietf.org/rfc/rfc2449.txt).

URL:

https://www.sciencedirect.com/science/article/pii/B0122272404000526

Cisco Intrusion Detection

In Cisco Security Professional's Guide to Secure Intrusion Detection Systems, 2003

Cisco PostOffice Protocol

To manage and maintain the Cisco IDS devices, Cisco first developed a proprietary protocol known as PostOffice Protocol. It is now being replaced by RDEP, which we'll describe later. The PostOffice Protocol is not to be confused with the Post Office Protocol POP3 (TCP port 110) normally used by mail clients to retrieve Internet mail. Rather, the Cisco PostOffice Protocol is a UDP service that functions, by default, over port 45000 to provide messaging between the management console and IDS sensors. After Cisco IDS Software Version 2.2.1, this default port is configurable. The PostOffice Protocol provides messaging for:

Command data

Error and alarm messages

Command and IP logs

Redirects

Device heartbeats

The PostOffice Protocol is primarily a "push" technology as opposed to the "pull" mechanism of RDEP. Because PostOffice Protocol was the primary means of communication between security devices, Cisco developed reliability, redundancy, and fault-tolerance schemes within the protocol to ensure messaging success.

While a UDP-based service, PostOffice Protocol requires acknowledgement of alarm message delivery. This promotes reliability since the IDS sensor will continue to send alert messages until it receives acknowledgement from the console. Redundancy and fault tolerance are enabled via multiple IDS console devices configured to service the same group of sensors. The PostOffice Protocol permits sensors to propagate messages up to 255 destinations, which allows for redundant alert notifications and ensures the appropriate personnel are notified when an alert is received. Similarly, up to 255 addresses can be specified for a single console host. This facilitates fault tolerance; should one route to a console address fail, another could easily initiate connectivity.

With PostOffice, administrators must assign each IDS sensor a unique identifier composed of some of the following attributes:

Host ID: The Host ID must be a unique numeric value greater than zero, such as 30.

Organization ID: The Organization ID must be a numeric value greater than zero, such as 100. This number can be the same for multiple sensors.

Host name: The Host name is an alphanumeric string that identifies the host, such as Sensor1B.

Organization name: The Organization name is an alphanumeric string that identifies the company or organization, such as AcmeCorp.

An example of the PostOffice naming convention is shown in Figure 2.1.

Figure 2.1. PostOffice Protocol Addressing

This helps the security team identify sensors in large environments, but it is also required for the PostOffice Addressing scheme, which is composed of three components. The host and organization identifiers signify the first two components of the addressing scheme, while the third component is a unique application identifier. All three of these unique identifiers are used by the protocol to route command and control communications.

For example, in Figure 2.2, a sensor with Host ID 3 and Org ID 20 issues a PostOffice Protocol alarm using Application ID 10006 destined for an IDS console with Host ID 30 and Org ID 20. Upon receiving the alert, the Console acknowledges it via Application ID 10000 to the sensor.

Figure 2.2. PostOffice Addressing Scheme

URL:

https://www.sciencedirect.com/science/article/pii/B9781932266696500227

Managing the Client Access Server

Henrik Walther , in How to Cheat at Configuring Exchange Server 2007, 2007

Limiting Access to the POP3 and IMAP4 Service

When the POP3 and IMAP4 services have been started, all mailbox-enabled users can access their mailbox using one of these two services. Since there might be situations where you want to lock down access to these two services to a specific set of users (for example, in a shared hosting environment), I thought it would be a good idea to show you how to set access to these services on a per-user basis.

To enable or disable access to POP3, use the following cmdlets:

To enable or disable access to IMAP4, use the following cmdlets:

If you need to enable or disable one of these services for thousands of users, you could make use of piping. Let's say you wanted to enable IMAP4 access to all users with a mailbox on a particular Exchange 2007 Server, you could type:

Of course this is just a simple command to show you how powerful the Exchange Management Shell is when it comes to bulk-enabling a feature for a set of users.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597491372500083

Managing the Client Access Server

In The Best Damn Exchange, SQL and IIS Book Period, 2007

Limiting Access to the POP3 and IMAP4 Service

When the POP3 and IMAP4 services have been started, all mailbox-enabled users can access their mailbox using one of these two services. Since there might be situations where you want to lock down access to these two services to a specific set of users (for example, in a shared hosting environment), I thought it would be a good idea to show you how to set access to these services on a per-user basis.

To enable or disable access to POP3, use the following cmdlets:

Set-CASMailbox <user mailbox> -PopEnabled $true

Set-CASMailbox <user mailbox> -PopEnabled $false

To enable or disable access to IMAP4, use the following cmdlets:

Set-CASMailbox <user mailbox> -ImapEnabled $true

Set-CASMailbox <user mailbox> -ImapEnabled $false

If you need to enable or disable one of these services for thousands of users, you could make use of piping. Let's say you wanted to enable IMAP4 access to all users with a mailbox on a particular Exchange 2007 Server, you could type:

Get-Mailbox -Server <servername> | Set-CASMailbox -ImapEnabled $true

Of course this is just a simple command to show you how powerful the Exchange Management Shell is when it comes to bulk-enabling a feature for a set of users.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597492195000054

Banner Grabbing with Netcat

In Netcat Power Tools, 2008

Microsoft Exchange POP and IMAP Banners

Instructions for changing the POP banner for Microsoft Exchange are nearly identical to those for changing the SMTP banner. These steps again rely on MetaEdit, and can be viewed from Microsoft Knowledge Base article 303513, located at http://support.microsoft.com/kb/303513. Upon running MetaEdit, browse to "LM\SmtpSvc\<virtual server id>," where the id is typically "1." With the server id highlighted, from the pull down menu select Edit | New | String to display the string editor dialog, as shown earlier in Figure 4.17. Set the Id to "(Other)" and the field next to it to "41661," the numeric identifier for the POP Connection string. In the Data field at the bottom type the text that you wish to appear within your banner. The text here will replace the entire POP banner, which normally appears like:

+OK Microsoft Exchange Server 2003 POP3 server version 6.5.7623.0 (Hostname) ready.

By setting this data field to "My Pop Server," for example, the complete banner will be changed to:

+OK My Pop Server

After the change has been completed, stop and restart the POP3 service. The updated banner should appear immediately through Netcat.

Since we're already rehashing the same steps for SMTP and POP, we'll now get into IMAP. If you have an IMAP mail server and wish to change the banner, follow the exact same steps laid out above, but use a different 5-digit code in the New String dialog box, "49884." This numeric identifier designates the connection string for the IMAP4 service.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597492577000042

Sendmail and IMAP Security

In Email Virus Protection Handbook, 2000

The IMAP Advantage

The primary difference between a POP and an IMAP server is that an IMAP server holds all incoming and saved mail on a central server. When you connect to a POP server, your client downloads any new mail and most of the time the server deletes its copies. This strategy takes less storage space on the server side and supports a dynamic mail store that is not intended to have a long shelf life on the server. IMAP, on the other hand, is intended to use the server as a long-term storage area. As we will see, this has definite utility for its client users, but can create headaches for the servers' support staff.

IMAP has the advantage of being very useful to a mobile population of users. The mobile population could be a corporate sales force who spend most of their time out of the office or it could be students at a large university who may not ever use the same computer twice in a row. In fact, computing in general is becoming more mobile, and personal information and messaging has spawned a whole generation of hardware devices that have networking as their lifeline. These devices will continue to get more sophisticated and support the types of messaging that we now do from a desktop or laptop computer.

Mobile computing presents a formidable task for the POP mail user. The e-mail message from Sue might be on your PDA, but the reply on which you copied Frank may be on your cell phone, and Frank's reply to you might be on your laptop, but the copy of it that you forwarded to Dave could be on your desktop PC, and getting to all those messages at once could see you buried under a mound of messaging technology. Obviously, with an IMAP server, no matter what device and no matter what your location, your e-mail is accessible.

To see the IMAP advantage, consider the case of a large metropolitan university with twenty to thirty thousand students. In this case, more students commute to school than stay in residence on campus. Even when they are on campus, they may be reading e-mail from a number of locations: a library computer, a PC in a computing lab, or from a computer in an office where they have a part-time job. They then may go home where they have a Macintosh that they've been using since high school. Typical students read their mail most often on a computer that is not under their control. Their only permanent storage is a floppy or zip disk that they carry around in their pocket or backpack. E-mail is the best communication conduit to their professors outside the classroom and they need access to their e-mail, new or saved, whether they are working on a term paper in the library or completing an assignment at home. An IMAP solution provides them access to their e-mail from any location and from any computer that can support an IMAP client. If the client is Web-based, then they can access their e-mail with only a working Web browser as the requirement.

The advantage to the IMAP client user translates into a larger support responsibility for the IT group. First, there is the task of managing storage for all that e-mail. A 10-MB mail store for each of thirty thousand students is potentially 300 GB of space. The actual number of users to space needed is more like a 3 to 1 ratio (depending on the activity of your population). However, the volume is still significant. Keeping that information secure is another task. Since IMAP makes and keeps multiple connections to the server, securing the server from unauthorized access can require more attention than for the "hit-and-run" access method used on a POP server.

URL:

https://www.sciencedirect.com/science/article/pii/B9781928994237500148

Application Layer Protocols

Edward Insam PhD, BSc , in TCP/IP Embedded Internet Applications, 2003

Summary

SMTP is much simpler than POP3 and is ideal for embedded systems for sending email messages. It is also appealing because all messages can be small, and easily handled by RAM limited systems. The steps required for a simple mail dial-up transaction are:

1. Client (assumed the embedded system) contacts the ISP over a dial-up telephone connection. The client uses AT commands to enable the modem to dial the number and establish the connection.

2. The ISP will reply with a PPP (or SLIP) initialization sequence. The client will negotiate a convenient protocol using PPP commands. In the case of an embedded system, these could be the minimum necessary. During negotiations, the client will send its logon ID and password. If accepted, the ISP will return an allocated IP address for the session. The client will effectively become this IP address for the duration of the call.

3. Having negotiated PPP parameters, the client can now talk directly to the mail server. The first thing it will do is to open a TCP connection (port 25 for SMTP, port 110 for POP3).

4. When the connection is open, the client will send commands and email body text sequences as described in the previous section, always waiting for replies.

5. At the end of the transaction, the client can drop the connection, either by closing the TCP link, or more crudely, by simply dropping the phone line.

Reading E-mail Headers

Here is a brief analysis of the life of a piece of email. This background material may be important for understanding how emails are transmitted, especially for automatically generated emails such as may be used in an embedded system. Let us assume that user [email protected] wants to send a simple email to [email protected]. Let's further assume that the remote system is using a mail handler program called supermail (the IP addresses shown are fictitious). When myname wants to send an email to yourname, he or she composes it at their PC workstation, which is perhaps connected to the myisp network via a dialup line. The computer at myname contacts the ISP via a dialup line (assume the network name of the mail handling system at the ISP is mail.myisp.com). The mail server, now seeing that it has a message to forward to another computer, contacts the mail server at the remote location and delivers it (assume this is called mail.yourisp.com). The remote destination user yourname retrieves the message by logging in to yourisp.com and downloading the message. During this processing, headers will be added to the message at least three times: at composition time, by whatever email program myname is using; when the message passes through mail.myisp.com; and at the transfer between myisp.com and yourisp.com. Sometimes, the remote ISP program that downloads the messages may add a further header. At composition time, the message header is:

Note: The two command lines Date: and X-Mailer: were not included in the original sender's text. These are usually added by user mail applications. When myisp.com processes the message for sending to yourisp.com, the headers have now become:

When the message is received at yourisp.com the headers have now become:

This last set of headers is what the recipient sees on his email text. The first extra line (note the word wrap, it is all in a single line) shows that this email was received from a machine calling itself mail.myisp.com (i.e. the first reference to mail.myisp.com in the line). The next entry in brackets shows who the real sender was. In this case the sender was IP address 192.123.1.12, which just happens to correspond to mail.myisp.com (the system will do a reverse check). The same line shows that the machine that did the receiving was mail.myisp.com, and that it is running a Supermail program version 1.1.2. The receiving machine assigned ID number LAA2001 to the message; this is used internally by the system for logging and administration purposes. The line also shows the message was destined for <[email protected]>. Note that this header is not related to the To: header. The second extra line shows similar information, but related to the previous hop, that is, at the point between myisp.com and yourisp.com. Note the differences in travel times for the messages, and the repeated entries for source and destination machines. This seemingly irrelevant repetition of addresses only makes sense when considering relays; these are intermediate machines in the transmission path. A message may not go directly from machine A to B, but possibly from A to C, then to D and finally to B. The third extra line is a Message Id line added by the first mail sender to identify it, and to be able to track it during its lifetime.

The situation above is rather simplistic. In reality, a message may pass through several more machines (including firewalls and relays) each adding an extra header to the message. This contributes to the strange system addresses found on some email messages.
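The hop-by-hop reading described above can be automated when reviewing a suspicious message. The following is an added example, not code from the book: it parses each Received line into the name the sending machine claimed, the address the receiving server recorded, the queue ID and the timestamp, then orders the hops oldest first and measures the delay between them. The header listings the text refers to are not present on this page, so the message below is a constructed sample reusing the page's fictitious names; `trace_hops`, the second hop's values and the mailer names other than Supermail are assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (not the book's listing).
RAW = """\
Received: from mail.myisp.com (mail.myisp.com [192.123.1.12])
    by mail.yourisp.com (Supermail v1.1.2) id LAA2001
    for <yourname@yourisp.com>; Tue, 18 Mar 2003 14:39:24 -0800
Received: from myname-pc (dialup7.myisp.com [192.123.1.77])
    by mail.myisp.com (ExampleMTA 1.0) id KAA1001
    for <yourname@yourisp.com>; Tue, 18 Mar 2003 14:36:17 -0800
Message-Id: <constructed.0001@mail.myisp.com>
From: myname@myisp.com
To: yourname@yourisp.com
Date: Tue, 18 Mar 2003 14:36:14 -0800
X-Mailer: ExampleMailer 1.0
Subject: sample

Constructed message body.
"""

# "from <claimed name> (<reverse name> [<recorded IP>]) by <receiver> (<mailer>) id <id> for <rcpt>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)(?:\s+\((?P<mta>[^)]*)\))?"
    r"(?:\s+id\s+(?P<id>\S+))?(?:\s+for\s+<(?P<rcpt>[^>]+)>)?")


def trace_hops(raw):
    """Return (hops oldest-first, unparsed Received values)."""
    msg = message_from_string(raw)
    hops, unparsed = [], []
    # Every relay prepends its line, so the last Received header is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        match = HOP.search(info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        if not match or when is None:
            unparsed.append(value)      # keep for manual review, never drop silently
            continue
        hop = match.groupdict()
        hop["when"] = when
        # The name after "from" is only what the sender claimed; the bracketed
        # address and its reverse name were recorded by the receiving server.
        hop["helo_mismatch"] = bool(hop["rdns"]) and hop["rdns"].lower() != hop["helo"].lower()
        hop["delay_s"] = (when - hops[-1]["when"]).total_seconds() if hops else None
        hops.append(hop)
    return hops, unparsed


if __name__ == "__main__":
    for h in trace_hops(RAW)[0]:
        print(h["helo"], h["ip"], "->", h["by"], h["id"], h["delay_s"], h["helo_mismatch"])
```

Only the Received lines written by servers you trust are reliable; anything below them was supplied by the sending side and can be fabricated.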

URL:

https://www.sciencedirect.com/science/article/pii/B9780750657358500357

Navigating the File System, Basic I/O and Sockets

Clif Flynt, in Tcl/Tk (Third Edition), 2012

4.5.1 Using a Client Socket

The outline of a Tcl TCP/IP client looks as follows.

set server SERVERADDRESS

set port PORTNUMBER

set connection [socket $server $port]

puts $connection "COMMAND"

flush $connection

gets $connection result

analysisProcedure $result

The next example demonstrates how to open a socket to a remote Post Office Protocol (POP) server to check for mail and shows how Tcl I/O and string commands can be used to develop an Internet client. The POP 3 message protocol is an ASCII conversation between the POP 3 client (your machine) and the POP 3 server (the remote machine). If you used POP from a Telnet client to learn if you have mail waiting, the conversation would resemble the following.

$> telnet pop.example.com pop3

Trying 123.456.789.012

Connected to 123.456.789.012

Escape character is '^]'.

+OK QPOP (version 2.2-krb-IV) at pop.example.com starting.

  <[email protected]>

user ImaPopper

+OK Password required for ImaPopper.

pass myPassword

+OK ImaPopper has 1 message (1668 octets).

The following example will contact a remote machine and report if any mail is waiting. The machine name, user name, and password are all hard-coded in this example. The test for +OK is done differently in each test to demonstrate some different methods of checking for one string in another.

Example 13

Script Example

# Open a socket to a POP server. Report if mail is available

# Assign a host, login and password for this session

set popHost example.com

set popLoginID myID

set popPasswd SecretPassword

# Open the socket to port 110 (POP3 server)

set popClient [socket $popHost 110]

# Get the first line:

# +OK QPOP (version ..) at example.com starting...

set line [gets $popClient]

# We can check for the 'OK' reply by confirming that 'OK'

# is the first item in the string

if {[string first "+OK" $line] != 0} {

  puts "ERROR: Did not get expected '+OK' prompt"

  puts "Received: $line"

  exit;

}

# send the user name

# Note that the socket can be used for both input and output

puts $popClient "user $popLoginID"

# The socket is buffered by default. Thus we need to

# either fconfigure the socket to be non-buffered, or

# force the buffer to be sent with a flush command.

flush $popClient

# Receive the password prompt:

# +OK Password required for myID.

set response [gets $popClient]

# We can also check for the 'OK' using string match

if {[string match "+OK*" $response] == 0} {

  puts "ERROR: Did not get expected '+OK' prompt"

  puts "Received: $response"

  exit;

}

# Send Password

puts $popClient "pass $popPasswd"

flush $popClient

# Receive the message count:

# +OK myID has 0 messages (0 octets).

set message [gets $popClient]

if {![string match "+OK*" $message]} {

  puts "ERROR: Did not get expected '+OK' prompt"

  puts "Received: $message"

  exit;

}

puts [string range $message 3 end]

Script Output

myID has 2 messages (2069 octets).

You can put together a client/server application with only a few lines of Tcl. Note that the error messages use an apostrophe to quote the +OK string. In Tcl, unlike C or shell scripts, the apostrophe has no special meaning.

URL:

https://www.sciencedirect.com/science/article/pii/B978012384717100004X