Network Working Group                                       J. De Winter
Request for Comments: 1985                     Wildbear Consulting, Inc.
Category: Standards Track                                    August 1996


        SMTP Service Extension for Remote Message Queue Starting

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This memo defines an extension to the SMTP service whereby an SMTP
   client and server may interact to give the server an opportunity to
   start the processing of its queues for messages to go to a given
   host.  This extension is meant to be used in startup conditions as
   well as for mail nodes that have transient connections to their
   service providers.

1.  Introduction

   The TURN command was a valid attempt to address the problem of having
   to start the processing for the mail queue on a remote machine.
   However, the TURN command presents a large security loophole.  As
   there is no verification of the remote host name, the TURN command
   could be used by a rogue system to download the mail for a site other
   than itself.

   Therefore, this memo introduces the ETRN command.  This command uses
   the mechanism defined in [4] to define extensions to the SMTP service
   whereby a client ("sender-SMTP") may request that the server
   ("receiver-SMTP") start the processing of its mail queues for
   messages that are waiting at the server for the client machine.  If
   any messages are at the server for the client, then the server should
   create a new SMTP session and send the messages at that time.

2.  Framework for the ETRN Extension

   The following service extension is therefore defined:

   (1) the name of the SMTP service extension is "Remote Queue
       Processing Declaration";

   (2) the EHLO keyword value associated with this extension is "ETRN",
       with no associated parameters;

   (3) one additional verb, ETRN, with a single parameter that
       specifies the name of the client(s) to start processing for;

   (4) no additional SMTP verbs are defined by this extension.

   The remainder of this memo specifies how support for the extension
   affects the behavior of an SMTP client and server.

3.  The Remote Queue Processing Declaration service extension

   To save money, many small companies want to only maintain transient
   connections to their service providers.  In addition, there are some
   situations where the client sites depend on their mail arriving
   quickly, so forcing the queues on the server belonging to their
   service provider may be more desirable than waiting for the retry
   timeout to occur.

   Both of these situations could currently be fixed using the TURN
   command defined in [1], if it were not for a large security loophole
   in the TURN command.  As it stands, the TURN command will reverse the
   direction of the SMTP connection and assume that the remote host is
   being honest about what its name is.  The security loophole is that
   there is no documented stipulation for checking the authenticity of
   the remote host name, as given in the HELO or EHLO command.  As such,
   most SMTP and ESMTP implementations do not implement the TURN command
   to avoid this security loophole.

   This has been addressed in the design of the ETRN command.  This
   extended turn command was written with the points in the first
   paragraph in mind, yet paying attention to the problems that
   currently exist with the TURN command.  The security loophole is
   avoided by asking the server to start a new connection aimed at the
   specified client.

   In this manner, the server has a lot more certainty that it is
   talking to the correct SMTP client.
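
   The contrast drawn above between TURN and ETRN, as an added example
   that is not part of the RFC: a toy server model in which TURN hands
   queued mail to whoever holds the connection, while ETRN replies on
   that connection and delivers to an address the server resolves
   itself.  The queue, addresses and policy rules are constructed; the
   reply texts follow the response codes RFC 1985 lists for ETRN
   outside this excerpt.

```python
# Toy model: TURN trusts the claimed name, ETRN delivers over a new connection.
# Queue contents, addresses and policy rules are constructed for illustration.
QUEUE = {"victim.example": ["msg-1", "msg-2"], "idle.example": []}
# Stand-in for the server's own MX/A lookup; the client cannot influence it.
ROUTES = {"victim.example": "192.0.2.10", "idle.example": "192.0.2.20"}
BLOCKED_PEERS = {"203.0.113.99"}  # hypothetical local deny list


def turn(peer_addr, claimed_name):
    """TURN: reverse the current connection, trusting the HELO/EHLO name."""
    # Mail for the claimed name flows to whoever holds the connection.
    return [(peer_addr, msg) for msg in QUEUE.get(claimed_name, [])]


def policy(peer_addr, node):
    """Local administrative decision; returns a denial reason or None."""
    if node not in ROUTES:
        return "no queue kept for this node"
    if peer_addr in BLOCKED_PEERS:
        return "peer may not request queue runs"
    return None


def etrn(peer_addr, line):
    """ETRN: return (reply, deliveries); deliveries use new connections."""
    verb, _, node = line.strip().partition(" ")
    if verb.upper() != "ETRN":
        return "500 Syntax Error", []
    if not node or " " in node:
        return "501 Syntax Error in Parameters", []
    reason = policy(peer_addr, node)
    if reason:
        return f"459 Node {node} not allowed: {reason}", []
    msgs = QUEUE.get(node, [])
    if not msgs:
        return f"251 OK, no messages waiting for node {node}", []
    # Destination comes from the server's routing, never from peer_addr.
    dest = ROUTES[node]
    reply = f"253 OK, {len(msgs)} pending messages for node {node} started"
    return reply, [(dest, msg) for msg in msgs]


if __name__ == "__main__":
    rogue = "203.0.113.66"  # constructed peer claiming to be victim.example
    print("TURN:", turn(rogue, "victim.example"))
    print("ETRN:", etrn(rogue, "ETRN victim.example"))
```

   With the constructed rogue peer, turn() returns both messages paired
   with the rogue's address, while etrn() returns a 253 reply and pairs
   the same messages with 192.0.2.10.
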
   This mechanism can just be seen as a more immediate version of the
   retry queues that appear in most SMTP implementations.  In addition,
   as this command will take a single parameter, the name of the remote
   host(s) to start the queues for, the server can decide whether it
   wishes to respect the request or deny it for any local administrative
   reasons.

4.  Definitions

   Remote queue processing means that using an SMTP or ESMTP connection,
   the client may request that the server start to process parts of its
   messaging queue.  This processing is performed using the existing
   SMTP infrastructure and will occur at some point after the processing
   is initiated.

   The server host is the node that is responding to the ETRN command.

   The client host is the node that is initiating the ETRN command.

   The remote host name is defined to be a plain-text field that
   specifies a name for the remote host(s).  This remote host name may
   also include an alias for the specified remote host or special
   commands to identify other types of queues.

5.  The extended ETRN command

   The extended ETRN command is issued by the client host when it wishes
   to start the SMTP queue processing of a given server host.  The
   syntax of this command is as follows:

   ETRN [