How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 821 http://tools.ietf.org/html/rfc821

IETF RFC821 defines the Simple Mail Transfer Protocol (SMTP) which is a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems and provides notification regarding incoming mail.

Commands

SMTP commands are ASCII messages sent between SMTP hosts. Possible commands are as follows:

Command Description
DATA Begins message composition.
EXPN <string> Returns names on the specified mail list.
HELO <domain> Returns identity of mail server.
HELP <command> Returns information on the specified command.
MAIL FROM <host> Initiates a mail session from host.
NOOP Causes no action, except acknowledgement from server.
QUIT Terminates the mail session.
RCPT TO <user> Designates who receives mail.
RSET Resets mail connection.
SAML FROM <host> Sends mail to user terminal and mailbox.
SEND FROM <host> Sends mail to user terminal.
SOML FROM <host> Sends mail to user terminal or mailbox.
TURN Switches role of receiver and sender.
VRFY <user> Verifies the identity of a user.

Messages

SMTP response messages consist of a response code followed by explanatory text, as follows:

Response Code Explanatory Text
211 (Response to system status or help request).
214 (Response to help request).
220 Mail service ready.
221 Mail service closing connection.
250 Mail transfer completed.
251 User not local, forward to <path>.
354 Start mail message, end with <CRLF><CRLF>.
421 Mail service unavailable.
450 Mailbox unavailable.
451 Local error in processing command.
452 Insufficient system storage.
500 Unknown command.
501 Bad parameter.
502 Command not implemented.
503 Bad command sequence.
504 Parameter not implemented.
550 Mailbox not found.
551 User not local, try <path>.
552 Storage allocation exceeded.
553 Mailbox name not allowed.
554 Mail transaction failed.

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport
CVE-2000-0042tcpany25
Description: Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
CVE-1999-0404tcpany25
Description: Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
CVE-1999-0208tcpany25
Description: rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
CVE-1999-0204tcp11325
Description: Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
CVE-1999-0204tcpany25
Description: Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
CVE-1999-0095tcpany25
Description: The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
CVE-2000-0343tcpany25
Description: The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
CVE-1999-1200tcpany25
Description: The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT