
SMTP protocol

This protocol sends an e-mail with optional attachments.


• Protocol summary
• Example usage
• Request and response format
○ POST operation
• Configuration
○ SMTPS configuration

Protocol summary
Name: smtp
Description: Sends an e-mail using SMTP and MIME encoding.
Resource name: Can contain the primary recipient e-mail address or can be overridden using the mailto
protocol configuration parameter.
Operations: POST - send e-mail.
The EmailConnection class provides a simple way to build Connection requests for the smtp
protocol implementation, including e-mail attachments.
Example usage
The following example uses the EmailConnection API to send a simple e-mail message:
try {
    EmailConnection email = new EmailConnection("you@projectzero.org");
    email.setFromAddress("me@projectzero.org");
    email.setSubject("Hello you!");
    email.setContent("This is the e-mail body.");
    email.send();
} catch (Exception e) {
    // Failed to send e-mail
}
• See Sending an e-mail using EmailConnection for more examples using the
EmailConnection API.
• You can also use the sendEmail activity to send an e-mail using the smtp protocol
implementation from a flow.
Request and response format
This section details the headers and body types for the requests and responses of the supported
operations.
POST operation
The POST operation sends an e-mail to an SMTP server. The request body becomes the body of
the e-mail message.
Request headers
Request header name | Comments
Subject | E-mail subject text.
From | Sender's e-mail address. If not supplied, the primary recipient e-mail address is used as the sender's e-mail address.
To | Optional. List of recipient e-mail addresses. The primary recipient e-mail address (as specified by the request resource target or the mailto configuration parameter) is automatically added.
Cc | Optional. List of CC recipient e-mail addresses.
Bcc | Optional. List of BCC recipient e-mail addresses.
Content-Type | E-mail body MIME type. If not specified, text/plain; charset=UTF-8 is assumed.
MIME-Version | Simple applications must leave this header unset.
Other headers | Any other headers to be sent with the SMTP message. If the request header has multiple values, each value is sent to the server as a separate SMTP header.
• The values of To, Cc and Bcc headers must be lists of simple, individual e-mail addresses.
Addresses must be of the form user@domain.com only (real name annotations are not
supported). Multiple addresses must be represented as multiple values in the lists
(comma-separated lists of addresses are not supported).
• The MIME-Version header should only be set by advanced, MIME-aware applications
and connection handlers. If the following conditions are all true then the body is assumed
to be already encoded into 7-bit ASCII and is transmitted without further MIME
processing:
○ MIME-Version is specified.
○ Content-Type header value begins with multipart/mixed.
○ The request body is not an instance of MultipartBody.
• If the request body is an instance of MultipartBody then the values of the following
request headers are replaced with values appropriate for the MIME encoded request
body:
○ MIME-Version
○ Content-Type
○ Content-Transfer-Encoding
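The rules in the list above can be checked before a request is handed to the smtp protocol. The following Python sketch is an added example, not code from the original page or from the project; the function names and sample values are this example's own, and it models the stated rules rather than the implementation's actual matching.

```python
import re

# One bare mailbox: no display name, separators, whitespace or control characters.
SIMPLE_ADDR = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def check_recipients(values):
    """Split To/Cc/Bcc list values into (accepted, [(value, reason), ...])."""
    accepted, rejected = [], []
    for value in values:
        if "\r" in value or "\n" in value:
            rejected.append((value, "line break in header value"))
        elif "," in value or ";" in value:
            rejected.append((value, "more than one address in a single value"))
        elif "<" in value or '"' in value:
            rejected.append((value, "real name annotation"))
        elif not SIMPLE_ADDR.fullmatch(value):
            rejected.append((value, "not of the form user@domain.com"))
        else:
            accepted.append(value)
    return accepted, rejected

def mime_mode(headers, body_is_multipart_body):
    """Classify a request by the MIME rules listed above.

    headers maps a header name to its list of values.
    """
    if body_is_multipart_body:
        # MIME-Version, Content-Type and Content-Transfer-Encoding are replaced.
        return "replace-headers"
    content_type = (headers.get("Content-Type") or [""])[0]
    if headers.get("MIME-Version") and content_type.startswith("multipart/mixed"):
        # Body is assumed to be 7-bit ASCII already and is sent without MIME processing.
        return "passthrough"
    return "encode"

# Constructed sample values for the To header.
SAMPLE_TO = [
    "you@projectzero.org",
    "Jo Doe <jo@example.org>",
    "a@example.org,b@example.org",
    "x@example.org\r\nBcc: y@example.org",
]
```

Rejecting values that contain line breaks matters because each header value is sent to the server as its own SMTP header line.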
Request body
Request body type | Comments
String or Reader | Encodes character data for SMTP transmission using MIME, according to charset in Content-Type header. If Content-Type has multiple values then the first value is used. If charset not specified then 7-bit ASCII is assumed.
byte[] or InputStream | Encodes binary data for SMTP transmission using MIME.
MultipartBody | Encode multi-part body using MIME.
Other types | Calls toString() and processes result as String.
Response headers
No response headers defined.
Response body
String containing final response message from SMTP server.

Configuration
Parameter | Description | Default
hostname | SMTP server hostname. | localhost
port | SMTP server port number. | Port 465 if smtpsConfig is set, otherwise port 25.
mailto | Override primary recipient e-mail address. | Request target resource name.
smtpsConfig | SMTPS configuration name. | None set. (Unencrypted SMTP connection)
userid | AUTH PLAIN user ID. | None set. (Unauthenticated SMTP connection)
password | AUTH PLAIN password. (XOR strings are supported) | None set.
connectionTimeout | Connection timeout, in seconds. | 15 seconds.
readTimeout | Socket read timeout, in seconds. | 60 seconds.
• If the userid configuration parameter is supplied, the userid and password values are
sent to the SMTP server, using the AUTH PLAIN authentication mechanism. The
connection will fail if the SMTP server rejects the supplied credentials or does not
support the AUTH PLAIN authentication mechanism.
• If the value of smtpsConfig is either null or the empty string then an unencrypted socket
connection will be used to connect to the SMTP server. If the value contains an SMTPS
configuration name, the named configuration will be used to establish an SSL socket
connection to the SMTP server (SMTPS). The default value of the port parameter is 25 for
SMTP and 465 for SMTPS.
• Protocol configuration can be applied to the connection request using various mechanisms,
as described in Configuring protocols.
In the following example, a default SMTP server is set for the smtp protocol:
/config/connection/defaults/smtp/hostname = "smtp.projectzero.org"
With no further configuration, the specified SMTP server will be contacted on port 25, using an
unencrypted connection and no authentication.
The next example contains a default configuration for a secure SMTP server:
/config/connection/defaults/smtp/hostname = "smtp.projectzero.org"
/config/connection/defaults/smtp/userid = "user1"
/config/connection/defaults/smtp/password = "password1"
/config/connection/defaults/smtp/smtpsConfig = "defaultConfig"
Using this configuration an SMTPS connection will be established to port 465 of the specified
server, using the predefined defaultConfig SSL configuration. The user ID and password will
be sent to the SMTP server to authenticate the connection.
SMTPS configuration
By setting a value for the smtpsConfig protocol configuration parameter, you can specify that
an SSL socket is to be used to connect to the SMTP server (SMTPS). The value of smtpsConfig
names an SMTPS configuration to be used for the connection.
The zero.core module contains a predefined SMTPS configuration, which checks that the
SMTPS server presents a valid certificate signed by one of a selection of well-known certificate
authorities. To use this configuration, the value of smtpsConfig must be set to defaultConfig.
The defaultConfig configuration does not present a client certificate to the remote server.
You can configure a custom SMTPS configuration using your own trust store and key store. An
SMTPS configuration is specified using the key /config/connection/smtps/configName, as
demonstrated in the following example:
/config/connection/smtps/mySmtpsConfig = {
    "trustStore" : "config/truststore.jks",
    "trustStorePassword" : "password",
    "trustStoreType" : "JKS"
}
The above configuration can be selected by setting smtpsConfig value to mySmtpsConfig.
The SSL configurations defined under /config/connection/smtps/configName can contain
the following properties:
Property | Description | Notes
trustStore | File name of trust store to be used to validate server identity. | Required.
trustStorePassword | Trust store password. (XOR strings are supported) | Required.
trustStoreType | Trust store type. | Required.
keyStore | File name of key store containing client certificate. | Optional, default is no client certificate.
keyStorePassword | Key store password. (XOR strings are supported) | Required if keyStore is specified.
keyStoreType | Key store type. | Required if keyStore is specified.
disableTrustVerification | If true, the outbound connection does not perform any checks to validate the identity of the remote server. | Optional, default value is false
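The smtp defaults and the SMTPS properties described above decide whether the AUTH PLAIN user ID and password travel over an encrypted, server-verified connection. The Python below is an added example, not code from the original page or from the project: it audits a configuration for the weak combinations and shows what AUTH PLAIN puts on the wire. The labConfig name, all sample values and the function names are constructed, and values are assumed to be valid JSON.

```python
import base64
import json
import re

# Constructed sample built from the page's keys; "labConfig" and all values are placeholders.
SAMPLE = '''
/config/connection/defaults/smtp/hostname = "smtp.example.org"
/config/connection/defaults/smtp/userid = "user1"
/config/connection/defaults/smtp/password = "password1"
/config/connection/defaults/smtp/smtpsConfig = "labConfig"
/config/connection/smtps/labConfig = {
    "trustStore" : "config/truststore.jks",
    "trustStorePassword" : "password",
    "trustStoreType" : "JKS",
    "disableTrustVerification" : true
}
'''
ASSIGN = re.compile(r"^(/config/\S+)\s*=\s*(.*)$")

def parse(text):
    """Read `key = value` assignments; assumes each value is valid JSON, possibly multi-line."""
    out, key, buf = {}, None, []
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if m:
            key, buf = m.group(1), [m.group(2)]
        elif key:
            buf.append(line)
        else:
            continue
        try:
            out[key] = json.loads("\n".join(buf))
            key = None
        except json.JSONDecodeError:
            pass  # value continues on the next line
    return out

def auth_plain_token(userid, password):
    """SASL PLAIN initial response (RFC 4616): NUL userid NUL password, base64-encoded."""
    return base64.b64encode(f"\0{userid}\0{password}".encode()).decode()

def audit(cfg):
    """Return findings for the smtp protocol defaults in a parsed configuration."""
    smtp = "/config/connection/defaults/smtp/"
    name, findings = cfg.get(smtp + "smtpsConfig"), []
    if not name:
        findings.append("unencrypted: smtpsConfig not set")
        if cfg.get(smtp + "userid"):
            findings.append("credentials-in-clear: AUTH PLAIN is base64, not encryption")
    elif name != "defaultConfig":
        ssl_cfg = cfg.get("/config/connection/smtps/" + name)
        if ssl_cfg is None:
            findings.append("undefined-smtps-config: " + name)
        elif str(ssl_cfg.get("disableTrustVerification", False)).lower() == "true":
            findings.append("no-server-check: disableTrustVerification is true")
    return findings
```

Decoding the value returned by auth_plain_token with any base64 tool gives back the user ID and password, which is why userid should only be set together with an smtpsConfig that verifies the server.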

Introduction to e-mail
E-mail is considered the most widely used service on the Internet, so the TCP/IP
protocol suite offers a range of protocols allowing the easy management of email routing over
the network.
The SMTP protocol
The SMTP protocol (Simple Mail Transfer Protocol) is the standard protocol enabling mail to
be transferred from one server to another by point to point connection.
This is a protocol operating in online mode, encapsulated in a TCP/IP frame. The mail is sent
directly to the recipient's mail server. The SMTP protocol works using text commands sent to the
SMTP server (on port 25 by default). Each command sent by the client (validated by the ASCII
character string CR/LF, equivalent to a press on the enter key) is followed by a response from the
SMTP server comprising a number and a descriptive message.
Here is a scenario of a request for sending mail to an SMTP server:
• When opening the SMTP session, the first command to be sent is the HELO command
followed by a space (written <SP>) and the domain name of your machine (in order to
say "hello, I am this machine"), then validated by enter (written <CRLF>). Since April
2001, the specifications for the SMTP protocol, defined in RFC 2821, mean that the
HELO command is replaced by the EHLO command.
• The second command is "MAIL FROM:" followed by the email address of the originator.
If the command is accepted the server sends back the message "250 OK"
• The next command is "RCPT TO:" followed by the email address of the recipient. If the
command is accepted the server sends back the message "250 OK"
• The DATA command is the third stage for sending email. It announces the start of the
message body. If the command is accepted the server sends back an intermediary
message numbered 354, indicating that the sending of the email body can begin, and
treats the following lines as the message until the end of the message, which is marked by a line
containing only a dot. The email body possibly contains some of the following headers:
○ Date
○ Subject
○ Cc
○ Bcc
○ From
If the command is accepted the server sends back the message "250 OK".
Here is an example of a transaction between a client (C) and an SMTP server (S):
S: 220 smtp.commentcamarche.net SMTP Ready
C: EHLO machine1.commentcamarche.net
S: 250 smtp.commentcamarche.net
C: MAIL FROM:<webmaster@kioskea.net>
S: 250 OK
C: RCPT TO:<meandus@meandus.net>
S: 250 OK
C: RCPT TO:<tittom@tittom.fr>
S: 550 No such user here
C: DATA
S: 354 Start mail input; end with <CRLF>.<CRLF>
C: Subject: Hello
C: Hello Meandus,
C: How are things?
C:
C: See you soon!
C: <CRLF>.<CRLF>
S: 250 OK
C: QUIT
S: 221 smtp.commentcamarche.net closing transmission
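As an added illustration (not part of the original page), the Python below reads the exchange above to see which recipients the server accepted, and prepares a message body for DATA so that a body line containing only a dot cannot end the message early (dot-stuffing, RFC 5321 section 4.5.2). The transcript is the page's example with the body shortened and one constructed body line added; the function names are this example's own.

```python
import re

# The page's exchange; the message body is shortened and one constructed line is added.
TRANSCRIPT = """\
S: 220 smtp.commentcamarche.net SMTP Ready
C: EHLO machine1.commentcamarche.net
S: 250 smtp.commentcamarche.net
C: MAIL FROM:<webmaster@kioskea.net>
S: 250 OK
C: RCPT TO:<meandus@meandus.net>
S: 250 OK
C: RCPT TO:<tittom@tittom.fr>
S: 550 No such user here
C: DATA
S: 354 Start mail input; end with <CRLF>.<CRLF>
C: Subject: Hello
C: RCPT TO:<constructed@example.invalid>
C: <CRLF>.<CRLF>
S: 250 OK
C: QUIT
S: 221 smtp.commentcamarche.net closing transmission
"""

RCPT = re.compile(r"RCPT TO:\s*<([^>]*)>", re.I)

def recipient_outcomes(transcript):
    """Map each RCPT TO address to the 3-digit reply code the server gave it."""
    outcomes, pending, in_data = {}, None, False
    for line in transcript.splitlines():
        side, _, text = line.partition(":")
        text = text.strip()
        if side == "C":
            if in_data:
                # Message content, not commands, until the lone-dot terminator.
                in_data = text not in (".", "<CRLF>.<CRLF>")
            else:
                m = RCPT.match(text)
                pending = m.group(1) if m else None
        elif side == "S" and text[:3].isdigit():
            code = int(text[:3])
            if pending:
                outcomes[pending] = code
                pending = None
            if code == 354:
                in_data = True
    return outcomes

def dot_stuff(body):
    """Prepare text for DATA: CRLF line endings, leading dots doubled, lone-dot terminator."""
    text = body.replace("\r\n", "\n").replace("\r", "\n")
    lines = text[:-1].split("\n") if text.endswith("\n") else text.split("\n")
    stuffed = ["." + line if line.startswith(".") else line for line in lines]
    return "\r\n".join(stuffed) + "\r\n.\r\n"
```

In this exchange the message is still delivered to the accepted recipient even though the second RCPT TO was refused with 550, so a sender that needs every recipient must check each reply.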
The basic specifications of the SMTP protocol mean that all the characters sent are coded in
7-bit ASCII and that the 8th bit is explicitly set to zero. So to send accented characters
it is necessary to resort to algorithms integrating MIME specifications:
• base64 for attached files
• quoted-printable (abbreviated to QP) for special characters contained within the
message body
It is therefore possible to send an email using a simple telnet on port 25 of the SMTP server:
telnet smtp.commentcamarche.net 25
(the server indicated above is deliberately nonexistent, you can try by replacing
commentcamarche.net by the domain name of your internet service provider)
Here is a summary of the principal SMTP commands:
Command | Example | Description
HELO (now EHLO) | EHLO 193.56.47.125 | Identification using the IP address or domain name of the originator computer
MAIL FROM: | MAIL FROM: originator@domain.com | Identification of the originator's address
RCPT TO: | RCPT TO: recipient@domain.com | Identification of the recipient's address
DATA | DATA message | Email body
QUIT | QUIT | Exit the SMTP server
HELP | HELP | List of SMTP commands supported by the server
All the specifications for the SMTP protocol are defined in RFC 821 (since April 2001, the
SMTP protocol specifications are defined in RFC 2821).

HTTP protocol- What is HTTP?


Computers on the World Wide Web use the HyperText Transfer Protocol to talk with each other.
The HTTP provides a set of instructions for accurate information exchange. The communication
between the client (your browser) and the server (a software located on a remote computer)
involves requests sent by the client and responses from the server.
Each client-server transaction, whether a request or a response, consists of three main parts
1. A response or request line
2. Header information
3. The body
A client connects to the server at port 80 (unless it has been changed by the system
administrator) and sends a request. The request line from the client consists of a request method,
the address of the file requested and the HTTP version number.
GET /mypage.html HTTP/1.1
The above request calls for mypage.html file using the GET HTTP method; the version of HTTP
used is 1.1.
After the request line comes the header data that consists of configuration information about the
client and its document viewing preferences. The header is a series of lines, each of which
contains a specific detail about the client and ends with a blank line. A header may look like this:
ACCEPT: */*
ACCEPT_LANGUAGE:en-us
REFERER:http://www.simplygraphix.com/wedes.html
USER_AGENT:Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
...
Most of the lines in the header are self-explanatory. The ACCEPT line identifies the various kinds of
files which the client can display. The REFERER line contains the document from which the
request was generated. In the case above, it is the wedes.html document from the
http://www.simplygraphix.com web site that has sent the request. The USER_AGENT line
specifies the browser and gives details on its version number.
The body of the request will contain data sent by the client via POST method.
The server now responds. Again, the response consists of three parts.
The response line contains information on the HTTP version number, a status code that indicates
the result of the request from the client and a description of the status code in 'English'.
HTTP/1.1 200 OK
The HTTP version used is 1.1 and the status code 200 and 'OK' explain the result of the client's
request. There are many HTTP server status codes and you can know more about them through
the links given at the end of this page.
The header from the server contains information about the server software and the document sent
to the client.
Date: Wed, 16 Aug 2000, 13:25:54 GMT
Server: NCSA/1.5.2
Last-modified: Sat, 22 Jan 2000, 05:15:43
Content-type: text/html
Content-length: 12443
The header is followed by a blank line that indicates the end of the header information. From the
example above, the server sends an html document of size 12443 bytes as shown by the Content-
type and Content-length lines. The server line gives details about the server software. The rest is
quite evident.
One last point on the HTTP protocol- HTTP is a stateless protocol, which means that the
connection between the browser and the server is lost once the transaction ends.
Page contents: Understanding the HTTP Protocol and how it is used by the client to receive files
and by the server to process client requests.

what is http protocol?


The http protocol is the language which your web browser uses to talk with a web
server. The http protocol is used for communications on the Internet. The http protocol led to
the establishment of the World Wide Web.
The development of the http protocol is coordinated by the W3C and IETF. The iterations of the
http protocol are presented in the RFCs, and RFC 2616 from June 1999 defines the http
protocol version 1.1, the most commonly used version of the http protocol. The http protocol is a
standard of requests and responses between a server and a client. A client using the http protocol
is usually a web browser, and the server using the http protocol is the website.

About https, http protocol over SSL


The http protocol is not secure. Anyone who has access to your network may potentially capture
and see the sensitive information sent over the http protocol (logins, passwords, etc). In this case
web servers use the https protocol. The https protocol is the same http protocol working over an
encrypted Secure Sockets Layer (SSL) providing strong encryption.

What is the Difference Between Http and Https?

http is hyper text transfer protocol, which is responsible for transmitting and receiving information
across the Internet, whereas https is secure http, which is used for exchanging confidential
information with a server, which needs to be secured in order to prevent unauthorized access.
HTTP is Hyper Text Transport Protocol and is transmitted over the wire via PORT 80(TCP).
You normally use HTTP when you are browsing the web, it's not secure, and so someone can
eavesdrop on the conversation between your computer and the web server. HTTP can support the
client asking for a particular file to be sent only if it has been updated after a certain date and time.
This would be used if the client has already retrieved a copy of a file by that name from that
server, but wants to check to see if it has been updated since then. The server responds either
with the updated file, with a message to say the file has not been changed, or with a message that
the file no longer exists.
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer or HTTP over SSL) is a Web protocol
developed by Netscape and built into its browser that encrypts and decrypts user page requests as
well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's
Secure Socket Layer (SSL) as a sub layer under its regular HTTP application
layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer,
TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm; new-age browsers
use a 128-bit key size, which is more secure than the former; it is considered an adequate degree of
encryption for commercial exchange. HTTPS is normally used in login pages and
shopping/commercial sites.
How it Works
Https is not a separate protocol, but refers to the combination of a normal HTTP interaction over
an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism.
This ensures reasonable protection from eavesdroppers and (provided it is implemented properly
and the top level certification authorities do their job properly) man-in-the-middle attacks.
The default TCP port of an https: URL is 443 (for unsecured HTTP, the default is 80). To
prepare a web-server for accepting https connections the administrator must create a public key
certificate for the web-server. These certificates can be created for Linux based servers with tools
such as OpenSSL's ssl or SuSE's gensslcert. This certificate must be signed by a certificate
authority of one form or another, who certifies that the certificate holder is who they say they are.
Web browsers are generally distributed with the signing certificates of major certificate
authorities, so that they can verify certificates signed by them.
Main Features
• Dedicated to HTTP protocol, show a wide range of HTTP related information: request and
response header, content, sent and received cookies, stream, query strings, post form values…
• Request builder: users can handcraft an HTTP request by using the HTTP Request Builder, or
they can use a drag-and-drop operation to move an existing request from the session grid to the
Request Builder to execute it again.
• Hex Viewer allows users to view and edit binary files in hexadecimal and textual format.
• Displays Winsock traffic originating from Java applets and JavaScript embedded in a Web page,
displays Winsock traffic originating from ActiveX controls and COM objects instanced by an
application (Stand-alone Edition Only)
• "Before request and after response" browser cache comparisons
• Support HTTPS, show you unencrypted data sent over HTTPS / SSL connections. HTTPS is
available if the application uses the Microsoft WININET API (ex. ie, outlook) or Mozilla NSS
API (ex. firefox, thunderbird).
• Selectively clear caches and cookies which are related with HTTP/HTTPS sessions
