Suricata SMTP protocol parsing source code annotations, part 0: a brief introduction to the SMTP protocol format

2021/9/12 14:34:55

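This is the first article in the series annotating Suricata's SMTP protocol parsing source code. It briefly introduces the SMTP protocol format; most of the format material was copied from the web.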

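1. Interaction between the SMTP client and server

Common client commands:

HELO/EHLO              Initiates the request

AUTH LOGIN             Authentication

MAIL FROM:              Sender's email address

RCPT TO:                   Recipient's email address; several addresses can be given to send to multiple people, so this is a list

DATA                          Message content, e.g. "hello".

QUIT                          Ends the session

Server response codes: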

220 <domain> Service ready

221 <domain> Service closing transmission channel

250 Requested mail action okay, completed

354 Start mail input; end with <CRLF>.<CRLF>    

2. Example of mail header data (copied from the web)

The following content is from: http://blog.csdn.net/kerry0071/article/details/28604267

C: telnet SMTP.163.com 25  //connect to the 163 mail server with telnet  
S: 220 163.com Anti-spam GT for Coremail System //220 is the reply code; the welcome message follows it  
C: HELO SMTP.163.com //in addition to what HELO does, EHLO is mainly used to query the extensions the server supports   
S: 250-mail  
S: 250-AUTH LOGIN PLAIN  
S: 250-AUTH=LOGIN PLAIN  
S: 250 8BITMIME //on the last line the reply code is followed by a space, not '-'   
C: AUTH LOGIN   //request authentication  
S: 334 dXNlcm5hbWU6  //server response: base64-encoded "username:"  
C: Y29zdGFAYW1heGl0Lm5ldA==  //the user name, base64-encoded  
S: 334 UGFzc3dvcmQ6  //base64-encoded "Password:"  
C: MTk4MjIxNA==  //the password sent by the client, base64-encoded  
S: 235 auth successfully  //authentication succeeded   
C: MAIL FROM: bripengandre@163.com  //sender's mailbox  
S: 250 … .  //"…" stands for omitted human-readable text  
C: RCPT TO: bripengandre@smail.hust.edu.cn //recipient's mailbox  
S: 250 … .    //"…" stands for omitted human-readable text  
C: DATA //request to send the message data  
S: 354 Enter mail, end with "." on a line by itself  
C: Enjoy Protocol Studing  
C: .  
S: 250 Message sent  
C: QUIT //close the connection   
S: 221 Bye  
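
The reply-continuation rule and the AUTH LOGIN exchange from the session above, as an added Python example (not part of the original article and not Suricata's code): it regroups `250-`/`250 ` lines into single replies and decodes each base64 challenge/answer pair, which is what a passive sensor reads off a cleartext session. The names `parse_session` and `auth_login_fields`, the `C: `/`S: ` line prefixes, and the shortened sample (first 334 challenge written as valid base64) are assumptions of this example.

```python
import base64
import re

# Constructed sample: the session above, shortened, with the // comments removed.
SESSION = """\
C: HELO SMTP.163.com
S: 250-AUTH LOGIN PLAIN
S: 250 8BITMIME
C: AUTH LOGIN
S: 334 dXNlcm5hbWU6
C: Y29zdGFAYW1heGl0Lm5ldA==
S: 334 UGFzc3dvcmQ6
C: MTk4MjIxNA==
S: 235 auth successfully
"""
REPLY = re.compile(r"^(\d{3})([ -]?)(.*)$")  # reply code, separator, text

def b64(s):
    return base64.b64decode(s, validate=True).decode("utf-8", "replace")

def parse_session(text):
    """Return ('C', line) and ('S', code, [text, ...]) events in order."""
    events, code, texts = [], None, []
    for raw in text.splitlines():
        m = REPLY.match(raw[3:])
        if raw.startswith("C: "):
            events.append(("C", raw[3:]))
        elif not m or code not in (None, m.group(1)):
            raise ValueError(f"malformed reply line: {raw!r}")
        else:
            code = m.group(1)
            texts.append(m.group(3))
            if m.group(2) != "-":  # "250-" continues a reply, "250 " ends it
                events.append(("S", code, texts))
                code, texts = None, []
    return events

def auth_login_fields(events):
    """Decode each 334 challenge and the client line that answers it."""
    fields, in_auth, prompt = {}, False, None
    for ev in events:
        if ev[0] == "S":
            in_auth = in_auth and ev[1] == "334"  # 235 or an error ends it
            prompt = b64(ev[2][0]).rstrip(":").lower() if in_auth else None
        elif prompt is not None:
            fields[prompt], prompt = b64(ev[1]), None
        else:
            in_auth = ev[1].upper().startswith("AUTH LOGIN")
    return fields
```

`auth_login_fields(parse_session(SESSION))` returns the user name and password as plain strings, because base64 is only an encoding and this session has no transport encryption.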

3. Example of a MIME message body (copied from the web)

The following content is from: https://blog.csdn.net/u014608280/article/details/89380417

Date: Mon, 29 Jun 2009 18:39:03 +0800
From: "=?gb2312?B?26zQocHB?=" <gaoxl@legendsec.com>
To: "moreorless" <moreorless@live.cn>
Cc: "gxl0620" <gxl0620@163.com>
BCC: "=?gb2312?B?26zQocHB?=" <venus.oso@gmail.com>
Subject: attach
Message-ID: <200906291839032504254@legendsec.com>
X-mailer: Foxmail 6, 15, 201, 21 [cn]
Mime-Version: 1.0
Content-Type: multipart/mixed;
      boundary="=====001_Dragon777814155473_====="

This is a multi-part message in MIME format.

--=====001_Dragon777814155473_=====
Content-Type: multipart/alternative;
      boundary="=====003_Dragon777814155473_====="

--=====003_Dragon777814155473_=====
Content-Type: text/plain;
      charset="gb2312"
Content-Transfer-Encoding: base64

DQoNCjIwMDktMDYtMjkgDQoNCg0KDQrbrNChwcEgDQo=

--=====003_Dragon777814155473_=====
Content-Type: text/html;
      charset="gb2312"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWdi
MjMxMiIgaHR0cC1lcXVpdj1Db250ZW50LVR5cGU+DQo8TUVUQSBuYW1lPUdFTkVSQVRPUiBjb250
ZW50PSJNU0hUTUwgOC4wMC42MDAxLjE4NzAyIj48TElOSyByZWw9c3R5bGVzaGVldCANCmhyZWY9
IkJMT0NLUVVPVEV7bWFyZ2luLVRvcDogMHB4OyBtYXJnaW4tQm90dG9tOiAwcHg7IG1hcmdpbi1M
ZWZ0OiAyZW19Ij48L0hFQUQ+DQo8Qk9EWSBzdHlsZT0iTUFSR0lOOiAxMHB4OyBGT05ULUZBTUlM
WTogdmVyZGFuYTsgRk9OVC1TSVpFOiAxMHB0Ij4NCjxESVY+PEZPTlQgc2l6ZT0yIGZhY2U9VmVy
ZGFuYT48L0ZPTlQ+Jm5ic3A7PC9ESVY+DQo8RElWPjxGT05UIHNpemU9MiBmYWNlPVZlcmRhbmE+
PC9GT05UPiZuYnNwOzwvRElWPg0KPERJViBhbGlnbj1sZWZ0PjxGT05UIGNvbG9yPSNjMGMwYzAg
c2l6ZT0yIGZhY2U9VmVyZGFuYT4yMDA5LTA2LTI5IA0KPC9GT05UPjwvRElWPjxGT05UIHNpemU9
MiBmYWNlPVZlcmRhbmE+DQo8SFIgc3R5bGU9IldJRFRIOiAxMjJweDsgSEVJR0hUOiAycHgiIGFs
aWduPWxlZnQgU0laRT0yPg0KDQo8RElWPjxGT05UIGNvbG9yPSNjMGMwYzAgc2l6ZT0yIGZhY2U9
VmVyZGFuYT48U1BBTj7brNChwcE8L1NQQU4+IA0KPC9GT05UPjwvRElWPjwvRk9OVD48L0JPRFk+
PC9IVE1MPg0K

--=====003_Dragon777814155473_=====--

--=====001_Dragon777814155473_=====
Content-Type: application/octet-stream;
      name="readme.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
      filename="readme.txt"

YWJjZGVkZg==

--=====001_Dragon777814155473_=====--


