E-mail servers and clients

Junk important bills pretty much the usual state of affairs for my mail.

Now what we're talking about mail in the TCP/IP world.

What we're really talking about is Google email now when we're dealing with e-mail
you're dealing with sending mail and receiving mail.

So well we're going to be starting off with here is kind of old school e-mail where
you would have an actual client.

They would have names like Outlook or Thunderbird or things like that that you'd be
running on your local computer.

Granted today a lot of us use things like Yahoo and Gmail which are web based but I
don't want you to think in those terms yet let's go back a few years to the days
when email was run through old school clients to old school servers.

OK well once again here we are with the machine set up as a server and a machine
set up as a client.

Now before we get into this too much you need to appreciate when it comes to e-
mail.

Well let's look at it from the client side.

You're going to be sending e-mail to deliver to other people and then you're going
to be receiving e-mail that other people have sent to you.

So you really have two different things going on now on the sending side.

We use a protocol called SMTP simple mail transfer protocol and that runs on TCP
port 25.

And that's pretty universal.

If you talk about how you receive email you got two choices here.

Both of these are pretty commonly used.

The older one is called Post Office Protocol version 3 or POP 3 POP 3 runs on TCP
port 110.

You get the impression that network plus really wants you to memorize a bunch of
ports you're right.

Now the other competitor to pop three is called Hold on Internet message access
protocol and this one is version 4. IMAP

IMAP runs on TCP port 143.

So when you're setting up email on the server side you'll be setting up the SMTP
part and then you're going to decide whether you're going to be IMAP or pop 3 and
then your clients are going to have to be configured so people will say things like
oh is your server IMAP or pop 3.

Because when we configure it.

We're going to need to know that.

So when it comes to email servers and clients it's extremely common to have one
piece of software that acts both both as an SMTP server as well as either a pop 3
or IMAP server that's extremely common.

OK so what I've got here is this is my server side and I'm using an e-mail server
called H mail server.

There's hundreds of them out there.

I kind of like this one.

The thing to keep in mind is that when you're setting up an e-mail server it's
extremely common for one piece of software to act as both the SMTP server as well
as either the IMAP or the pop server as well.

So what we're going to do here is since emails based on domain names.

Well the first thing we're going to do is create a domain.

Now I've created a domain here called timmy dot local Timmy.

Our local is a domain that can't be out on the real Internet.

So if it's like Dotcom's or dot orgs this isn't part of the true internet DNS
service.

So and that's why we use it because it just kind of an internal thing but it works
fine.

So then we have to make some accounts.

So I've made three accounts here so Dave at timmy dot local Fred a timmy local and
Mike at timmy dot local.

And once I get this up and running it pretty much automatically works.

Now this is SMTP server and it's also a pop 3 server.

There's no settings for it because that's all it does so that's it.

And it's working.

So the e-mail server is up and running.

Now once this is up in cooking we can go ahead and let's take a look at the client
and what we have to do to get this guy set up.

Now for the client side I'm going to choose a very popular program called Mozilla
Thunderbird.

Now keep in mind that this is a self-standing email client.

I know a lot of people these days like to use web mail and there's nothing wrong
with that I use it like crazy but the network Plus once you understand this older
way of doing things when it comes to email so let's take a look at what we've got
here.
So I've set up this email client for Mike at timmy dot local.

Now what I want to do is let's just take a look at some of the settings here.

Whenever you're setting up an e-mail client you're going to have to be setting up

your SMTP site and then your pop or your IMAP side.

So I'm going to go down to SMTP And if we take a look here I set this guy and I
typed in the IP
address for this server.

So I just typed in the 202.13.212.104.

So you see that my port is 25.

I need to warn you as you're looking through these screens you're going to see a
lot of stuff like this.

And that's because most e-mail that's done in this old client style is now done in
a secure way.

So that's not covered on network plus So we're kind of doing it old school here.

So it's going to be using SMTP port 25.

OK.

Now the other side and every one of these clients is different.

So on this particular guy the server type is set up as a pop mail server and you
can see it's the exact same server number because my server does both and the port
is 110.

So if I wanted to change this to IMAP while I'd actually have to end up deleting
this entire thing and then resetting it up from scratch.

That once I've set up I can do all the usual things that we're used to seeing with
email I can send mail right stuff whatever I want to do.

And this puppy has pretty much set up.

The big thing that people are asking about all the time is what's really the
difference tween pop and imap.

Well the differences are fairly subtle but it's important.

Pop is very old school in that anything you have up on your server is simply
copying down individual emails or copy down to your computer on your client.

You can set up folders and things like that and organize your e-mail but it's just
done on your client.

I map is kind of like well it's a lot like web based mail where you can set up
folders online and those folders are always there no matter where you log in.

So it with an I'm at e-mail server copies of your e-mail are left online unless you
explicitly want to take them out there left online and you can create folders and
things like that that will be matched on your client.
So I know that is a little bit more popular these days than pop.

And it's really up to whoever is setting up your e-mail server how you set up your
client to use one or the other.

OK.

So now that we've seen both the server side and the client side let's go through
the process of sending and receiving some e-mail.

And let's actually watch using Wireshark.

What that e-mail looks like.

Now I'm back on the server.

And what I've done here is I went ahead and fired up Wireshark.

And what I did is on another machine I went ahead and sent an e-mail.

So the client is sending the e-mail but the server here is actually receiving an
empty packet from the client.

And then he'll go ahead and send it on from there.

So what I need to do is filter out all this goo.

There are some SMTP

So let me just filter on SMTP

Supply that.

OK.

So what we're looking at here is the actual SMTP packet packets as they're being
sent.

So once again here's the server.

And here's the Client itself.

So the guy missed another packet right at the beginning of it that's OK.

So here we go.

It goes to an authorization and it's then going to be it actually sends a a

challenge all authentication.

And now it's sending the e-mail itself remember the e-mails coming in.

So let's take a look at this.

We can actually follow the TCP stream and you can see the e-mail as it's coming in
from the client.

So it's from day that Timmy out local is going to send it to Mike at him local and
he says OK send it and there's not much to be said here.
Just as this is the second test e-mail so not too terribly exciting but there it is
pretty much ready to go.

Now one thing I didn't get on this capture is the actual log in process so logging
in and all that type of stuff with e-mail is done in all these separate little
individual commands.

So I didn't see that when if I had seen it though it would have been totally in the
clear.

So that's the basics of e-mail.

Make sure you've got your three big port numbers memorized as SMTP is port 25.

Pop is on port 110 and Imap is on port 143.

Do keep in mind though that this old school e-mail is completely in the clear.

We do have other technologies that allow emails to be encrypted today using a lot
of different ways to do it.

We'll be covering that as we do encryption in later episodes.

But for right now remember you've got an e-mail client you've got a server you've
got three port numbers you need memorized for the exam.

SMTP uses port 25

POP3 uses port 110

IMAP uses port 143

Securing E-mail

The big problem with email is that it was designed from the ground up to not be
secure.

So SMTP IMAP and pop protocols are by default unencrypted protocols so as the years
progressed people began to realize that hey man I need to get encrypted email now I
need to warn you right now it's very easy for you to take the end user attitude
about this stuff and you know like I just use Gmail or I just use Yahoo or I just
use an encrypted tool like proton's mail we're not talking about the users we're
talking about us nerds who are the people who have to configure this stuff and get
it set up OK.

So what we're going to be talking about here is that you got a mail server that
you're having to deal with and what you're trying to do is you're trying to move
out of the unencrypted world and into the encrypted world.

All email server tools can easily handle encrypted e-mail.

Assuming you've got them set up right.

And I need to warn you the exam hits on this very hard.

So let's take a moment and discuss how we encrypt email so I've got my client here.

Here let me write client and this client here is probably running a more
traditional client outlook or Thunderbird or something like that.
It might be a web based tool but we're not talking about Gmail here folks we're not
talking about Yahoo we're not talking about web based.

We're talking about real email in this case so what we would normally have and we
covered in other episodes that we would have SMTP over here this is an SMTP server
and he's going to be running on port 25 and then it might be either Imap or a POP
3.

Now pop isn't nearly as common as it used to be but whoops it ran on port 110.

Pretty much everybody uses I'm at these days because it's nice to be able to create
folders in your email and stuff like that and that runs on 143 no problem right.

You set this stuff up in fact by default any e-mail server tool will go ahead and
set up these ports automatically.

The probably ran into is that moving from unencrypted to encrypted email was not a
smooth one time process.

We went through a number of issues.

The biggest issue is that first of all everybody said we're going to use TLS the
same way we use for encryption and our web browsers.

That's great.

But it took a while to figure this out.

The first problem we ran into is that you would have a client and it would come
into an encrypted server but it would start the conversation using traditional
ports and then it would switch over and that this was called traditional TLS.

Notice I'm using the past tense when I say this so Imap was on port 993 you'd start
the conversation on 143 but then quickly switch over to 993.

Pop was on 995 and then SMTP was on 465 and this was built into the e-mail servers
and email
clients they all worked fine.

Though a certificate into your e-mail server everything worked great.

However the powers that be as they looked at this TLM solution they began to say
themselves wait a minute this is silly.

We're going from one port number to another port number so bad guys because they
know about 110 and port 25 and 143 might be monitoring might be a man in the middle
type of thing.

So instead why don't we just erase all that and come up with another technology
called StartTLS.

It's still TLS folks.

But at no time is it in an unencrypted state.

So StartTLS was originally designed and I don't care.

All three of these ran on the same port number 465.

The idea of using 465 is because it was the one used with originally a TSL and they
just arbitrarily picked it.

You don't need three ports in this case you've got a smart device that's able to
separate these things.

But there was a problem and the problem was that we had a lot of mail servers and
we're talking about the early 2000s this isn't that terribly long ago where these
servers would try to support both of these protocols.

And as you can see if you've got two different protocols TLS and StartTLS that
began to create a mess they said OK OK OK.

That 465 was just temporary until you use the official port that we'll always use
from here on in port 587.

I'm going to warn you when you're configuring both email servers and email clients
there's a lot of variance in here and a lot of times the answer is is you're going
to have to dig and try to figure out on the server side.

Where do you set your port settings and what other you know you'll see you start to
tell us yes or no and yet get the stuff configured right and on the client side it
can even be more frustrating.

Very popular email clients like Thunderbird actually use improper phrasing that can
make this stuff very very confusing for the exam.

It is really important to me that you understand that there were two different
protocols TLS was the first version TLS started unencrypted then went to encrypted
using these port numbers.

And today pretty much everybody used start DNS and start DNS should be using 587
but don't be surprised if you see a question where it says StartTLS 465.

Traditional E-mail
SMTP port 25 - Unencrypted, 465 Encrypted
POP3 port 110 - Unencrypted, 995 Encrypted
IMAP port 143 - Unencrypted, 993 Encrypted

StartTLS
IMAP,POP3,SMTP - Port 465
TLS/StartTLS conflicted with Port 465
StartTLS changed to Port 587