Mail Working Group                              Jack De Winter, Director
Internet Draft                                 Wildbear Consulting, Inc.
                                                   Expires in six months


                         SMTP Service Extension
                      for Remote Message Queue Starting

                             January 26, 1996


1. Status of this Memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet-
   Drafts as reference material or to cite them other than as
   "work in progress."

   To learn the current status of any Internet-Draft, please check
   the "1id-abstracts.txt" listing contained in the Internet-
   Drafts Shadow Directories on ds.internic.net (US East Coast),
   nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or
   munnari.oz.au (Pacific Rim).

2. Abstract

      This memo defines an extension to the SMTP service whereby an
   SMTP client and server may interact to give the server an opportunity
   to start the processing of its queues for messages to go to a given
   host.  This is an attempt to fix the security problems with the TURN
   by creating a new command ETRN that places the emphasis on the server
   instead of the connection.  This extension is meant to be used in
   startup conditions as well as for mail nodes that have transient
   connections to their service providers.


3.  Introduction

      The TURN command was a valid attempt to address the problem of
   having to start the processing for the mail queue on a remote machine.
   However, the TURN command presents a large security loophole.  As
   there is no verification of the remote host name, the TURN command
   could be used by a rogue system to download the mail for a site other
   than itself.

      Therefore, this memo introduces the ETRN command.  This command
   uses the mechanism defined in [4] to define extensions to the SMTP
   service whereby a client ("sender-SMTP") may request that the server
   ("receiver-SMTP") start the processing of its mail queues for
   messages that are waiting at the server for the client machine.  If
   any messages are at the server for the client, then the server should
   create a new SMTP session and send the messages at that time.

4.  Framework for the ETRN Extension

      The following service extension is therefore defined:

   (1) the name of the SMTP service extension is "Remote Queue
   Processing Declaration";

   (2) the EHLO keyword value associated with this extension is "ETRN";

   (3) one additional command, ETRN, with a single parameter that
   specifies the name of the client to start processing for

   (4) no additional SMTP verbs are defined by this extension.

   The remainder of this memo specifies how support for the extension
   affects the behavior of an SMTP client and server.


5.  The Remote Queue Processing Declaration service extension

      To save money, many small companies want to only maintain
   transient connections to their service providers.  In addition, there
   are some situations where the client sites depend on their mail
   arriving quickly, so forcing the queues on the server belonging to
   their service provider may be more desirable than waiting for the
   retry timeout to occur.

      Both of these situations could currently be fixed using the TURN
   command defined in [1], if it were not for a large security loophole
   in the TURN command.  As it stands, the TURN command will reverse the
   direction of the SMTP connection and assume that the remote host is
   being honest about what its name is.  The security loophole is that
   there is no stipulation for checking the authenticity of the remote
   host name, as given in the HELO or EHLO (for the ESMTP extensions in
   [4]).

      This has been addressed in the design of the ETRN command.  This
   extended turn command was written with the points in the first
   paragraph in mind, yet paying attention to the problems that
   currently exist with the TURN command.  The security loophole is
   avoided by placing the focus on the server to start a new connection
   aimed at the specified client.

      In this manner, the server has a lot more certainty that it is
   talking to the correct SMTP client.  This mechanism can just be seen
   as a more immediate version of the retry queues that appear in most
   SMTP implementations.  In addition, as this command will take a
   single parameter, the name of the remote host to start the queues for,
   the server can make a decision as to whether it wishes to respect the
   request or deny it for administrative reasons.
  
6.  Definitions

      The term remote queue processing is meant to reflect the manner in
   which a server implementation of the SMTP protocol maintains its
   queue of messages that it currently cannot send to the proper hosts.
   This method reflects the wishes of that remote host, as reflected by
   the MX records, and most likely will reflect that the local host is
   listed in the MX records or that there is no MX record for the remote
   host.

      The remote host name is defined to be a plain-text field that
   specifies a fully qualified domain name for the remote host.  This
   remote host name may also include an alias for the specified remote
   host.

7.  The extended ETRN command

      The extended ETRN command is issued by a client when it wishes to
   start the SMTP queue processing of a remote host.  The syntax of this
   command is as follows:

   ETRN [<option character>]<node name><CR><LF>

   This command may only be issued at any time once a session is
   established, as long as there is not a transaction occuring.  Thus,
   this command is illegal between a MAIL FROM: command to the end of
   the DATA commands and responses.

      The specified node name must be a fully qualified domain name for
   the node, but may include an alias for the local node.  If an alias
   is used for the node, multiple ETRN commands may be needed to start
   the processing for the node as it may be listed at the remote site
   under multiple names.  The option character under normal circumstances
   is not used.

7.1  Server action on receipt of the extended ETRN command

      When the server receives the ETRN command, it should have a look
   at the node name that is specified in the command and make a local
   decision if it should respect the node name.  If not, the
   appropriate error codes should be returned to the client.

      Otherwise, the server should start force its retry queues to start
   sending messages to that remote site, using another SMTP connection.
   At the moment, there is no definition that a connection must occur.
   This should be noted in the case where there are no messages for the
   client at the server site.

      Seeing as the processing of the queues may take an indeterminate
   amount of time, this command should return immediately with a
   response to the client side.  The valid return codes for this command
   are:

   250 OK, queuing for node <x> started
   251 OK, no messages waiting for node <x>
   458 Unable to queue messages for node <x>
   459 Node <x> not allowed: <reason>
   500 Syntax Error
   501 Syntax Error in Parameters

7.2  Client action on receiving response to extended ETRN command

     If one of the 500 level error codes (550 or 551) are sent, the
   client should assume that the protocol is not supported in the remote
   site or that the protocol has not been implemented correctly on
   either the client or server site.  In this case, multiple ETRN
   commands (dealing with the aliases for the system) should not be
   sent.

     If the 250 response is received, then the client can assume that
   the server found its request to be satisfactory and it will send
   any queued messages.  This process may involve going through a very
   large retry queue, and may take some time.

     If the 400 level response is received, then the client can assume
   that the server supports the command, but for some local reason does
   not want to accept the ETRN command as is.  In most cases, it will
   mean that there is a list of nodes that it will accept the command
   from and the current client is not on that list.  The 459 response
   code is presented to allow for a more in-depth reason as to why the
   remote queuing cannot be started.

7.3  Use Of ETRN to release mail for a subdomain or queue

     If the requesting server wishes to release all of the mail for
   a given subdomain, a variation on the ETRN command can be used.
   To perform this request, the option character '@' should be used
   in front of the node name.  In this manner, any node names that
   are formed of a prefix of characters and a suffix of the specified
   node name are released.

     For example, if the command ETRN @foo.com was issued, then any
   accumulated mail for fred.foo.com, a.b.c.d.e.f.g.foo.com or foo.com
   may be released.  It should be noted that the receiving side of the
   ETRN command should make a decision based on the node in question
   and only allow certain combinations for each of the nodes.  This is
   more of a security issue than anything else.

     In a similar vein, it might be necessary under some circumstances
   to release a certain queue containing information.  To this end,
   the option character '#' can be used to force the processing of a
   given queue.  In this case, the node name would be used as a queue
   name instead, and its syntactical structure would be dependant on
   the receiving server.  An example of this would be using the command
   ETRN #uucp to force the flush of a UUCP queue.


8.  Minimal usage

      A "minimal" client may use this extension to simply force its
   empirical name to be used to start the queues on the remote host.
   This minimal usage will not handle cases where mail for 'x.y' is sent
   to 's.x.y' which is aliased through a firewall or simple for local
   site management reasons.

      A minimal server may use this extensions to start the processing
   of the queues for all remote sites.  In this case, the 458 error
   response will not be seen, and it should always return the 250
   response as it will always try and start the processing for any
   request.


9. Example

   The following example illustrates the use of remote queue processing
   with some permanent and temporary failures.

   S: <wait for connection on TCP port 25>
   C: <open connection to server>
   S: 220 sigurd.innosoft.com -- Server SMTP (PMDF V4.2-6 #1992)
   C: EHLO ymir.claremont.edu
   S: 250-sigurd.innosoft.com
   S: 250-EXPN
   S: 250-HELP
   S: 250 ETRN
   C: ETRN
   S: 500 Syntax Error
   C: ETRN localname
   S: 501 Syntax Error in Parameters
   C: ETRN uu.net
   S: 458 Unable to queue messages for node uu.net
   ...
   C: ETRN sigurd.innosoft.com
   S: 250 OK, queuing for node sigurd.innosoft.com started
   C: ETRN innosoft.com
   S: 250 OK, queuing for node innosoft.com started
   ...
   C: ETRN foo.bar
   S: 459 Node foo.bar not allowed: Unable to resolve name.
   ...
   C: QUIT
   S: 250 Goodbye


10. Security considerations

     This command does not compromise any security considerations of any
   existing SMTP or ESMTP protocols as it merely shortens the time that
   a client needs to wait before their messages are retried.

     Precautions should be taken to make sure that any client server should
   only use the @ and # option characters for systems that make sense.
   Failure to implement some kind of secure sanity checking on the
   parameters could lead to congestion.  This would be evident of a person
   asking to release #com, which would release mail for any address that
   ended with com.

11.  Acknowledgements

   This document was created with lots of support from the users of our
   products, who have given some input to the functionality that they
   would like to see in the software that they bought.

11.  References

[1] J. B. Postel.  Simple Mail Transfer Protocol.  Request for Comments
    821, August 1982.

[2] D. H. Crocker.  Standard for the Format of ARPA Internet Text
    Messages.  Request for Comments 822, August 1982.

[3] K. Moore. Representation of Non-ASCII Text in Internet Message
    Headers.  Request for Comments 1522, September 1993.

[4] M. T. Rose, E. A. Stefferud, D. H. Crocker, John C. Klensin, Ned
    Freed.  SMTP Service Extensions.  Internet-draft, April 1995.

[5] C. Partridge.  Mail Routing and the Domain System.  Request for
    Comments 974, January 1986.


12.  Chair, editor, and author addresses

John Klensin, WG Chair
MCI
2100 Reston Parkway
Reston, VA 22091
 tel: +1 703 715-7361           fax: +1 703 715-7436
 email: klensin@mci.net

Ned Freed, Editor
Innosoft International, Inc.
1050 East Garvey Avenue South
West Covina, CA 91790
USA
 tel: +1 818 919 3600           fax: +1 818 919 3614
 email: ned@innosoft.com

Jack De Winter
Wildbear Consulting, Inc.
8-589 Beechwood Drive
Waterloo, Ontario, Canada
N2T 2K9
 tel: +1 519 886 3683
 email: jack@wildside.kwnet.on.ca