Network Working Group                                       J. De Winter
Request for Comments: 1985                     Wildbear Consulting, Inc.
Category: Standards Track                                    August 1996

                         SMTP Service Extension
                   for Remote Message Queue Starting

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.


   This memo defines an extension to the SMTP service whereby an SMTP
   client and server may interact to give the server an opportunity to
   start the processing of its queues for messages to go to a given
   host.  This extension is meant to be used in startup conditions as
   well as for mail nodes that have transient connections to their
   service providers.

1.  Introduction

   The TURN command was a valid attempt to address the problem of having
   to start the processing for the mail queue on a remote machine.
   However, the TURN command presents a large security loophole.  As
   there is no verification of the remote host name, the TURN command
   could be used by a rogue system to download the mail for a site other
   than itself.

   Therefore, this memo introduces the ETRN command.  This command uses
   the mechanism defined in [4] to define extensions to the SMTP service
   whereby a client ("sender-SMTP") may request that the server
   ("receiver-SMTP") start the processing of its mail queues for
   messages that are waiting at the server for the client machine.  If
   any messages are at the server for the client, then the server should
   create a new SMTP session and send the messages at that time.

De Winter                   Standards Track                     [Page 1]
RFC 1985             SMTP Service Extension - ETRN           August 1996

2.  Framework for the ETRN Extension

   The following service extension is therefore defined:

   (1) the name of the SMTP service extension is "Remote Queue
   Processing Declaration";

   (2) the EHLO keyword value associated with this extension is "ETRN",
   with no associated parameters;

   (3) one additional verb, ETRN, with a single parameter that
   specifies the name of the client(s) to start processing for;

   (4) no additional SMTP verbs are defined by this extension.

   The remainder of this memo specifies how support for the extension
   affects the behavior of an SMTP client and server.

3.  The Remote Queue Processing Declaration service extension

   To save money, many small companies want to only maintain transient
   connections to their service providers.  In addition, there are some
   situations where the client sites depend on their mail arriving
   quickly, so forcing the queues on the server belonging to their
   service provider may be more desirable than waiting for the retry
   timeout to occur.

   Both of these situations could currently be fixed using the TURN
   command defined in [1], if it were not for a large security loophole
   in the TURN command.  As it stands, the TURN command will reverse the
   direction of the SMTP connection and assume that the remote host is
   being honest about what its name is.  The security loophole is that
   there is no documented stipulation for checking the authenticity of
   the remote host name, as given in the HELO or EHLO command.  As such,
   most SMTP and ESMTP implementations do not implement the TURN command
   to avoid this security loophole.

   This has been addressed in the design of the ETRN command.  This
   extended turn command was written with the points in the first
   paragraph in mind, yet paying attention to the problems that
   currently exist with the TURN command.  The security loophole is
   avoided by asking the server to start a new connection aimed at the
   specified client.

   In this manner, the server has a lot more certainty that it is
   talking to the correct SMTP client.  This mechanism can just be seen
   as a more immediate version of the retry queues that appear in most
   SMTP implementations.  In addition, as this command will take a

De Winter                   Standards Track                     [Page 2]
RFC 1985             SMTP Service Extension - ETRN           August 1996

   single parameter, the name of the remote host(s) to start the queues
   for, the server can decide whether it wishes to respect the request
   or deny it for any local administrative reasons.

4.  Definitions

   Remote queue processing means that using an SMTP or ESMTP connection,
   the client may request that the server start to process parts of its
   messaging queue.  This processing is performed using the existing
   SMTP infrastructure and will occur at some point after the processing
   is initiated.

      The server host is the node that is responding to the ETRN

      The client host is the node that is initiating the ETRN command.

   The remote host name is defined to be a plain-text field that
   specifies a name for the remote host(s).  This remote host name may
   also include an alias for the specified remote host or special
   commands to identify other types of queues.

5.  The extended ETRN command

   The extended ETRN command is issued by the client host when it wishes
   to start the SMTP queue processing of a given server host.  The
   syntax of this command is as follows:

      ETRN [