On-Demand Mail Relay

On-Demand Mail Relay (ODMR) is an SMTP extension standardized in RFC 2645 that allows e-mail to be relayed to the recipients after they have been authenticated. It uses the extended SMTP command ATRN, similar to the ETRN command but usable from dynamically assigned IP addresses.

ODMR works in the following way: to check their inbound mail, customers issue EHLO and AUTH commands to the ODMR service, followed by the ATRN command (Authenticated TuRN); after a successful ATRN command the ODMR server begins to act as an SMTP client and sends all messages directed to the customer's domain (or domains) using the SMTP protocol, over the same TCP connection. Since connections are initiated by customers, this protocol works well for machines that have dynamically assigned IPs and/or sit behind a firewall (e.g. an ISP may block incoming connections on port 25 or may use NAT). Only the ODMR server, referred to as the provider, must listen for SMTP connections on a fixed IP address.

External ODMR Support

The design of ODMR allows the protocol to be used with an SMTP server that doesn't support it natively. A separate application can be used to do the initial ODMR protocol negotiation (EHLO, AUTH and ATRN), then hand over the connection to the SMTP server once the protocol has reached the "reversed" state.

ODMR transport example

A typical example of retrieving e-mail with ODMR.

For illustration only (the prefixes are not part of the protocol), lines sent by the server are prefixed with > and lines sent by the client with <. The prefixes follow the original roles even after the connection has been reversed.

>  220 EXAMPLE.NET on-demand mail relay server ready
<  EHLO example.org
>  250-EXAMPLE.NET
>  250-AUTH CRAM-MD5 EXTERNAL
>  250 ATRN
<  AUTH CRAM-MD5
>  334 <keysequenz>
>  235 now authenticated as example.org
<  ATRN example.org, example.com
>  250 OK now reversing the connection
<  220 example.org ready to receive email
>  EHLO EXAMPLE.NET
<  250-example.org
<  250 SIZE
>  MAIL FROM:<Lester.Tester@dot.foo.bar>
<  250 OK
>  RCPT TO:<l.eva.msg@example.com>
<  250 OK, recipient accepted
...
>  QUIT
<  221 example.org closing connection
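An added example (not from this page or from any ODMR implementation) that plays both sides of the exchange above over a local socketpair: a scripted provider that reverses the connection only after a successful CRAM-MD5 AUTH and only for domains the authenticated customer owns, and a customer that refuses to proceed unless the provider advertises ATRN. The account table, shared secret and challenge string are constructed values; once reversed, the provider just sends QUIT instead of delivering mail.

```python
import base64, hashlib, hmac, socket, threading
USERS = {"example.org": (b"s3cret", {"example.org", "example.com"})}  # constructed accounts
def send(sock, line): sock.sendall((line + "\r\n").encode())

def read_reply(f):  # one (possibly multi-line) SMTP reply -> (code, [text of each line])
    lines = []
    while True:
        line = f.readline().decode().rstrip("\r\n"); lines.append(line[4:])
        if line[3:4] != "-": return int(line[:3]), lines

def provider(sock, challenge=b"<1896.697170952@EXAMPLE.NET>"):
    f, user = sock.makefile("rb"), None
    send(sock, "220 EXAMPLE.NET on-demand mail relay server ready")
    while cmd := f.readline().decode().rstrip("\r\n"):
        if cmd.startswith("EHLO"):
            send(sock, "250-EXAMPLE.NET\r\n250-AUTH CRAM-MD5\r\n250 ATRN")
        elif cmd == "AUTH CRAM-MD5":
            send(sock, "334 " + base64.b64encode(challenge).decode())
            name, digest = base64.b64decode(f.readline()).decode().split(" ", 1)
            want = hmac.new(USERS.get(name, (b"",))[0], challenge, hashlib.md5).hexdigest()
            if name in USERS and hmac.compare_digest(digest.encode(), want.encode()):
                user = name; send(sock, f"235 now authenticated as {name}")
            else: send(sock, "535 authentication failed")
        elif cmd.startswith("ATRN"):
            wanted = {d.strip() for d in cmd[4:].split(",")}
            if user is None: send(sock, "530 authentication required")  # never reverse unauthenticated
            elif not wanted <= USERS[user][1]: send(sock, "450 ATRN request refused")  # not their domains
            else:
                send(sock, "250 OK now reversing the connection"); read_reply(f)  # customer's 220
                send(sock, "QUIT"); read_reply(f); return user  # provider is the SMTP client from here
        else: send(sock, "500 unknown command")

def customer(sock, me, secret, domains):
    f = sock.makefile("rb"); read_reply(f)  # provider greeting
    send(sock, f"EHLO {me}"); code, caps = read_reply(f)
    if code != 250 or "ATRN" not in caps: return "provider does not offer ATRN"
    send(sock, "AUTH CRAM-MD5"); code, (chal,) = read_reply(f)
    digest = hmac.new(secret, base64.b64decode(chal), hashlib.md5).hexdigest()
    send(sock, base64.b64encode(f"{me} {digest}".encode()).decode())
    if read_reply(f)[0] != 235: return "authentication failed"
    send(sock, "ATRN " + ", ".join(domains)); code, _ = read_reply(f)
    if code != 250: return f"ATRN refused ({code})"
    send(sock, f"220 {me} ready to receive email")  # roles reversed: customer is now the SMTP server
    cmd = f.readline().decode().rstrip("\r\n"); send(sock, f"221 {me} closing connection")
    return f"reversed; provider sent {cmd}"

def run(me="example.org", secret=b"s3cret", domains=("example.org", "example.com")):
    a, b = socket.socketpair(); t = threading.Thread(target=provider, args=(a,)); t.start()
    try: return customer(b, me, secret, list(domains))
    finally: b.close(); t.join(); a.close()
```

`run()` with a wrong secret stops at the 535, and a request naming a domain outside the customer's own set stops at the 450, so the connection is never reversed in either case.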
