SMTP proxy

SMTP proxies are specialized mail servers that, similar to other types of proxy servers, pass Simple Mail Transfer Protocol (SMTP) sessions through to other SMTP servers without using the store-and-forward approach of a mail transfer agent (MTA). When an SMTP proxy accepts a connection, it initiates another SMTP session to a destination SMTP server. Any errors or status information from the destination server will be passed back to the sending MTA through the proxy. [1]

Uses

SMTP proxies are commonly used to process and filter inbound and outbound email traffic. [2]

Inbound SMTP proxying

SMTP proxies often serve as the initial, network-facing layer in an email system, processing SMTP connections from clients before forwarding data to a second layer of mail servers. [3] SMTP proxies often implement the first and/or only layer of defence in an inbound anti-spam filtering system, where they can analyze messages using a spam content filter or antivirus program, block or rate limit connections using DNS blacklists and reputation systems, and load-balance SMTP connections to prevent overloading of mail servers.

Advantages of SMTP proxying

Because SMTP proxies do not store messages like an MTA does, they can reject SMTP connections or message content in real-time, doing away with the need for out-of-band non-delivery reports (NDRs), which are the cause of backscatter email, a serious problem in the Internet email system.

Some SMTP proxies implement TCP connection management (otherwise known as flow control), which can help to reduce damage to downstream mail servers resulting from spikes in TCP traffic from malicious SMTP clients. TCP connection management in the context of SMTP typically involves bandwidth throttling and/or introducing delays in SMTP command responses (also known as tarpitting). When slowed down, some malicious sources of SMTP traffic such as spambots tend to give up rather than continuing to deliver a full email message. [4]

Network tarpitting can be challenging to implement within an email server, since each SMTP connection is processed more slowly than normal, often holding up precious system resources such as memory and CPU. Because SMTP proxies can be implemented using lighter-weight programming techniques such as asynchronous I/O (for example nginx, Node.js, Netty and libevent), thousands of connections can be juggled using the same resources as a much smaller number of connections in the context of a full-blown store-and-forward email server.
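The behaviour described in this section, as an added example that is not part of the original article: a line-based asynchronous SMTP proxy that opens the upstream session while the client is still connected, relays the destination server's rejection back in the same session, and tarpits replies to suspect clients. The `is_suspect` hook, `TARPIT_DELAY`, the constructed `fake_upstream` server and the plaintext-only relay (no STARTTLS handling) are assumptions made for illustration.

```python
import asyncio, time

TARPIT_DELAY = 0.2  # seconds added before each reply to a suspect client (assumed value)

async def pump(reader, writer, delay=0.0):
    """Copy SMTP lines one way; a delay > 0 tarpits every relayed line."""
    try:
        while line := await reader.readline():
            await asyncio.sleep(delay)
            writer.write(line)
            await writer.drain()
    finally:
        writer.close()  # closing one side ends the session on the other

def make_proxy(upstream_host, upstream_port, is_suspect):
    """is_suspect(ip) is a hypothetical hook for a DNSBL or reputation lookup."""
    async def handle(c_reader, c_writer):
        peer_ip = c_writer.get_extra_info("peername")[0]
        delay = TARPIT_DELAY if is_suspect(peer_ip) else 0.0
        # No queue: the upstream session is opened while the client is still connected.
        u_reader, u_writer = await asyncio.open_connection(upstream_host, upstream_port)
        await asyncio.gather(
            pump(c_reader, u_writer),         # client commands -> destination server
            pump(u_reader, c_writer, delay),  # server replies -> client, slowed if suspect
            return_exceptions=True)
    return handle

async def fake_upstream(reader, writer):
    """Constructed destination server: greets, then refuses every command."""
    writer.write(b"220 mx.example ESMTP\r\n")
    while await reader.readline():
        writer.write(b"550 5.7.1 rejected by policy\r\n")
        await writer.drain()
    writer.close()

async def demo(suspect):  # client -> proxy -> fake upstream, all on loopback
    up = await asyncio.start_server(fake_upstream, "127.0.0.1", 0)
    handler = make_proxy("127.0.0.1", up.sockets[0].getsockname()[1], lambda ip: suspect)
    px = await asyncio.start_server(handler, "127.0.0.1", 0)
    r, w = await asyncio.open_connection("127.0.0.1", px.sockets[0].getsockname()[1])
    start = time.monotonic()
    greeting = await r.readline()
    w.write(b"MAIL FROM:<a@sender.example>\r\n")
    reply = await r.readline()
    elapsed = time.monotonic() - start
    w.close(); up.close(); px.close()
    return greeting, reply, elapsed

if __name__ == "__main__":
    print(asyncio.run(demo(suspect=True)))
```

Because the 550 reaches the sender inside its own session, the proxy never has to generate a bounce message of its own.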

Outbound SMTP proxying

SMTP proxies are sometimes inserted between sending mail servers on a local network and their receiving counterparts on the Internet. SMTP proxies are often used in this context to filter outgoing spam; however, other applications such as DomainKeys Identified Mail (DKIM) signing also exist. [5]

Types of SMTP proxies

SMTP proxies come in a few fundamental flavors:

References

  1. Frisch, Æleen (2002). Essential System Administration: Help for UNIX System Administrators. O'Reilly. ISBN 0596003439.
  2. Lammle, Todd (2012-01-09). CompTIA Network+ Study Guide Authorized Courseware: Exam N10-005. John Wiley & Sons. ISBN 978-1-118-23886-8.
  3. Pohlmann, Norbert; Crothers, Tim (2004). Firewall Architecture for the Enterprise. Laxmi Publications Pvt Limited. ISBN 978-81-7008-349-8.
  4. Article discussing an implementation of SMTP tar-pitting. Fetched from the Web Hosting Industry Review web site on May 7, 2012.
  5. Setting up the outbound proxy with Postfix. Fetched on May 7, 2012.
  6. Developing High Performance Asynchronous IO Applications. Fetched May 7, 2012.
  7. MailChannels Outbound Product Information.