Professional Documents
Culture Documents
Protocol summary
Name
smtp
Description
Sends an e-mail using SMTP and MIME encoding.
Resource name
Can contain the primary recipient e-mail address or can be overridden using mailto
protocol configuration parameter.
Operations
POST - send e-mail.
The EmailConnection class provides a simple way to build Connection requests for the smtp
protocol implementation, including e-mail attachments.
Example usage
The following example uses the EmailConnection API to send a simple e-mail message:
try {
EmailConnection email = new EmailConnection("you@projectzero.org");
email.setFromAddress("me@projectzero.org");
email.setSubject("Hello you!");
email.setContent("This is the e-mail body.");
email.send();
} catch (Exception e) {
// Failed to send e-mail
}
• See Sending an e-mail using EmailConnection for more examples using the
EmailConnection API.
• You can also use the sendEmail activity to send an e-mail using the smtp protocol
implementation from a flow.
Request and response format
This section details the headers and body types for the requests and responses of the supported
operations.
POST operation
The POST operation sends an e-mail to a SMTP server. The request body becomes the body of
the e-mail message.
Request headers
Request
Comments
header name
Subject e-mail subject text.
Sender's e-mail address. If not supplied, the primary recipient e-mail address is
From
used as the sender's e-mail address.
Optional List of recipient e-mail addresses. The primary recipient e-mail address
To (as specified by the request resource target or the mailto configuration
parameter) is automatically added.
Cc Optional List of CC recipient e-mail addresses.
Bcc Optional List of BCC recipient e-mail addresses.
e-mail body MIME type. If not specified, text/plain; charset=UTF-8 is
Content-Type
assumed.
MIME-Version Simple applications must leave this header unset.
Any other headers to be sent with the SMTP message. If the request header has
Other headers
multiple values, each value is sent to the server as a separate SMTP header.
• The values of To, Cc and Bcc headers must be lists of simple, individual e-mail addresses.
Addresses must be of the form user@domain.com only (real name annotations are not
supported). Multiple addresses must be represented as multiple values in the lists
(comma-separated lists of addresses are not supported).
• The MIME-Version header should only be set by advanced, MIME-aware applications
and connection handlers. If the following conditions are all true then the body is assumed
to be already encoded into 7-bit ASCII and is transmitted without further MIME
processing:
○ MIME-Version is specified.
○ Content-Type header value begins with multipart/mixed.
○ The request body is not an instance of MultipartBody.
• If the request body is an instance of MultipartBody then the values of the following
request headers are replaced with values appropriate for the MIME encoded request
body:
○ MIME-Version
○ Content-Type
○ Content-Transfer-Encoding
Request body
Request body
Comments
type
Encodes character data for SMTP transmission using MIME, according to
String or Reader charset in Content-Type header. If Content-Type has multiple values then
the first value is used. If charset not specified then 7-bit ASCII is assumed.
Request body
Comments
type
byte[] or
Encodes binary data for SMTP transmission using MIME.
InputStream
MultipartBody Encode multi-part body using MIME.
Other types Calls toString() and processes result as String.
Response headers
No response headers defined.
Response body
String containing final response message from SMTP server.
Configuration
Parameter Description Default
hostname SMTP server hostname. localhost
Port 465 if smtpsConfig is set,
port SMTP server port number.
otherwise port 25.
Override primary recipient e-mail
mailto Request target resource name.
address.
None set. (Unencrypted SMTP
smtpsConfig SMTPS configuration name.
connection)
None set. (Unauthenticated SMTP
userid AUTH PLAIN user ID.
connection)
AUTH PLAIN password. (XOR
password None set.
strings are supported)
connectionTimeout Connection timeout, in seconds. 15 seconds.
readTimeout Socket read timeout, in seconds. 60 seconds.
• If the userid configuration parameter is supplied, the userid and password values are
sent to the SMTP server, using the AUTH PLAIN authentication mechanism. The
connection will fail if the SMTP server rejects the supplied credentials or does not
support the AUTH PLAIN authentication mechanism.
• If the value of smtpsConfig is either null or the empty string then an unencrypted socket
connection will be used to connect to the SMTP server. If the value contains a SMTPS
configuration name, the named configuration will be used to establish a SSL socket
connection to SMTP server (SMTPS). The default value of the port parameter is 25 for
SMTP and 465 for SMTPS.
• Protocol configuration can be applied to the connection request using various mechanism,
as described in Configuring protocols.
In the following example, a default SMTP server is set for the smtp protocol:
/config/connection/defaults/smtp/hostname = "smtp.projectzero.org"
With no further configuration, the specified SMTP server will be contacted on port 25, using an
unencrypted connection and no authentication.
The next example contains a default configuration for a secure SMTP server:
/config/connection/defaults/smtp/hostname = "smtp.projectzero.org"
/config/connection/defaults/smtp/userid = "user1"
/config/connection/defaults/smtp/password = "password1"
/config/connection/defaults/smtp/smtpsConfig = "defaultConfig"
Using this configuration an SMTPS connection will be established to port 465 of the specified
server, using the predefined defaultConfig SSL configuration. The user ID and password will
be sent to the SMTP server to authenticate the connection.
SMTPS configuration
By setting a value for the smtpsConfig protocol configuration parameter, you can specify that
an SSL socket is to be used to connect to the SMTP server (SMTPS). The value of smtpsConfig
names a SMTPS configuration to be used for the connection.
The zero.core module contains a predefined SMTPS configuration, which checks that the
SMTPS server presents a valid certificate signed by one of a selection of well-known certificate
authorities. To use this configuration, the value of smtpsConfig must be set to defaultConfig.
The defaultConfig configuration does not present a client certificate to the remote server.
You can configure a custom SMTPS configuration using your own trust store and key store. An
SMTPS configuration is specified using the key /config/connection/smtps/ configName, as
demonstrated in the following example:
/config/connection/smtps/mySmtpsConfig = {
"trustStore" : "config/truststore.jks",
"trustStorePassword" : "password",
"trustStoreType" : "JKS"
}
The above configuration can be selected by setting smtpsConfig value to mySmtpsConfig.
The SSL configurations defined under /config/connection/smtps/ configName can contain
the following properties:
Property Description Notes
File name of trust store to be used to validate
trustStore Required.
server identity.
Trust store password. (XOR strings are
trustStorePassword Required.
supported)
trustStoreType Trust store type. Required.
File name of key store containing client Optional, default is
keyStore
certificate. no client certificate.
Required if
Key store password. (XOR strings are
keyStorePassword keyStore is
supported)
specified.
Required if
keyStoreType Key store type. keyStore is
specified.
If true, the outbound connection does not
Optional, default
disableTrustVerification perform any checks to validate the identity of
value is false
the remote server.
Introduction to e-mail
E-mail is considered as being the most widely used service on the Internet. So the TCP/IP
protocol suite offers a range of protocols allowing the easy management of email routing over
the network.
The SMTP protocol
The SMTP protocol (Simple Mail Transfer Protocol) is the standard protocol enabling mail to
be transferred from one server to another by point to point connection.
This is a protocol operating in online mode, encapsulated in a TCP/IP frame. The mail is sent
directly to the recipient's mail server. SMTP protocol works using text commands sent to the
SMTP server (on port 25 by default). Each command sent by the client (validated by the ASCII
character string CR/LF, equivalent to a press on the enter key) is followed by a response from the
SMTP server comprising of a number and a descriptive message.
Here is a scenario of a request for sending mail to an SMTP server
• When opening the SMTP session, the first command to be sent is the HELO command
followed by a space (written <SP>) and the domain name of your machine (in order to
say "hello, I am this machine"), then validated by enter (written <CRLF>). Since April
2001, the specifications for the SMTP protocol, defined in RFC 2821, mean that the
HELO command is replaced by the EHLO command.
• The second command is "MAIL FROM:" followed by the email address of the originator.
If the command is accepted the server sends back the message "250 OK"
• The next command is "RCPT TO:" followed by the email address of the recipient. If the
command is accepted the server sends back the message "250 OK"
• The DATA command is the third stage for sending email. It announces the start of the
message body. If the command is accepted the server sends back an intermediary
message numbered 354 indicating that the sending of the email body can begin and
considers the collection of following lines until the end of the message located by a line
containing only a dot. The email body possibly contains some of the following headers:
○ Date
○ Subject
○ Cc
○ Bcc
○ From
If the command is accepted the server sends back the message "250 OK"
Here is an example of a transaction between a client (C) and an SMTP server (S)
S: 220 smtp.commentcamarche.net SMTP Ready
C: EHLO machine1.commentcamarche.net
S: 250 smtp.commentcamarche.net
C: MAIL FROM:<webmaster@kioskea.net>
S: 250 OK
C: RCPT TO:<meandus@meandus.net>
S: 250 OK
C: RCPT TO:<tittom@tittom.fr>
S: 550 No such user here
C: DATA
S: 354 Start mail input; end with <CRLF>.<CRLF>
C: Subject: Hello
C: Hello Meandus,
C: How are things?
C:
C: See you soon!
C: <CRLF>.<CRLF>
S: 250 OK
C: QUIT
R: 221 smtp.commentcamarche.net closing transmission
The basic specifications of the SMTP protocol mean that all the characters sent are coded in
ASCII code over 7 bits and that the 8th bit is explicitly put at zero. So to send accented characters
it is necessary to resort to algorithms integrating MIME specifications:
• base64 for attached files
• quoted-printable (abbreviated to QP) for special characters contained within the
message body
It is therefore possible to send an email using a simple telnet on port 25 of the SMTP server:
telnet smtp.commentcamarche.net 25
(the server indicated above is deliberately nonexistent, you can try by replacing
commentcamarche.net by the domain name of your internet service provider)
Here is a summary of the principal SMTP commands
Command Example Description
HELO (now Identification using the IP address or domain
EHLO 193.56.47.125
EHLO) name of the originator computer
MAIL FROM:
MAIL FROM: Identification of the originator's address
originator@domain.com
RCPT TO:
RCPT TO: Identification of the recipient's address
recipient@domain.com
DATA DATA message Email body
QUIT QUIT Exit the SMTP server
List of SMTP commands supported by the
HELP HELP
server
All the specifications for the SMTP protocol are defined in RFC 821 (since April 2001, the
SMTP protocol specifications are defined in RFC 2821).
Secure Socket Layer (SSL) as a sub layer under its regular HTTP application
layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer,
TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm, new-age browsers
use 128-bit key size which is more secure than the former, it is considered an adequate degree of
encryption for commercial exchange. HTTPS is normally used in login pages,
shopping/commercial sites.
How it Work
Https is not a separate protocol, but refers to the combination of a normal HTTP interaction over
an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism.
This ensures reasonable protection from eavesdroppers and (provided it is implemented properly
and the top level certification authorities do their job properly) man-in-the-middle attacks.
The default TCP port of an https: URL is 443 (for unsecured HTTP, the default is 80). To
prepare a web-server for accepting https connections the administrator must create a public key
certificate for the web-server. These certificates can be created for Linux based servers with tools
such as Open SSL's ssl or SuSE's gensslcert. This certificate must be signed by a certificate
authority of one form or another, who certifies that the certificate holder is who they say they are.
Web browsers are generally distributed with the signing certificates of major certificate
authorities, so that they can verify certificates signed by them.
Main Features