Category Archives: How To’s

VMware: The Basics

What is a virtual machine?
A virtual machine is a set of virtual hardware and files. The virtual hardware gives us the possibility to install a Guest OS on top. This Operating system must be “supported” by the Hypervisor, although many times you can install unsupported Guest OSes.

Virtual machine files:
So, let’s take a look at some of the most important files that constitute a VMware virtual machine:

• .VMX file – This is the configuration file for a VM. In this file all the properties like number of vCPUs, RAM, virtual NIC interfaces, Guest OS, etc. are contained.

• .VMDK file – This file is also known as the virtual disk descriptor. Here the geometry of the virtual disk is described.


• -flat.vmdk – This is the data disk file where all the information of the VM is stored.
• .nvram – This file contains the “Bios” of the virtual machine (settings, etc.)
• .vswp – This file is the VM swap file. It is created once the VM is started and is used by the hypervisor to guarantee the assigned memory to the VM. This file is equal in size to the vRAM (RAM assigned to the VM). The only situation when it can be different is when you have a memory reservation configured for the VM. In that case the .vswp file will be the same size as the defined reservation.

• .vmtx – This file is only present when you mark the VM as a template; when you set a VM as a template the only thing that happens is that the .vmx file is converted into a .vmtx file.


• .vmsd – This file is a snapshot descriptor. In it you can find the different snapshots that you have for that VM, the files of those snapshots, etc.


• .vmss – This file is known as the “snapshot state.” Here the configuration state (.vmx information) of the VM at the time when the snapshot was taken is stored. So for example, if I took a snapshot when the VM was configured with just one vCPU and then take another snapshot with 2 vCPUs, the change in the number of vCPUs will be known to the hypervisor through this .vmss file.


• -delta.vmdk – this file contains the changes of the VM after a snapshot was taken, so we essentially have the “base” disk and the delta files that store all further changes on disk.


As we can see, a virtual machine is easy to migrate and manage because it is a set of files instead of a physical server. There are other VM files, like .log files and .lck lock files.

Resources that can be assigned to a virtual machine:

Virtual machine hardware:
A virtual machine requires a set of “virtual devices.” These devices or virtual hardware provide access to the underlying physical resources. It is important to note that the access to hardware is controlled by the hypervisor. Currently VMware presents the following hardware devices to the virtual machines:

• SCSI adapter – This virtual SCSI adapter allows the use of “virtual disks,” with a maximum of 4 SCSI adapters per VM and 15 targets (disks) in each adapter (60 disks). There are different types of adapters: LSI Logic Parallel, LSI Logic SAS, BusLogic Parallel and VMware Paravirtual SCSI (PVSCSI). The PVSCSI adapter is a paravirtualized virtual adapter that can give us greater performance. If you want to know more about it take a look here.


• USB controller – A vSphere VM can have three types of USB controllers: UHCI (USB 1.0), EHCI (USB 2.0) and xHCI (USB 3.0), with a maximum of one controller of each type (3 controllers) per VM. Each controller can have up to 20 different devices.
• Floppy controller – This floppy controller can have up to two devices. Usually this virtual floppy is used to insert drivers in a floppy image (.flp).
• Network cards – Also known as “vNics,” vSphere supports up to 10 network cards per VM. There are different types of vNics that can be available to a VM depending on the virtual hardware or “VM compatibility”: vlance (emulated 10 Mbps nic), E1000, Flexible (can change between vlance or VMXNET), VMXNET2 and VMXNET3. The VMXNET adapters are “paravirtualized” adapters, which allow better performance. If you want to know more about the different types of virtual nics take a look at this great blog post. Also we can have SR-IOV compatible devices (virtual interfaces of a physical nic/PCIe device) that can be presented to a VM, reducing the overhead and increasing the performance.


• AHCI controller (SATA) – This type of controller is only available in vSphere 5.5. A VM can have up to 4 SATA controllers with a maximum of 30 disks per controller.
• Video card – provides video for the VM. We can also add 3D hardware rendering and software rendering to this “vGPU.”
• Other – a VM can have up to three parallel ports and up to four serial/com ports.
• RAM – the maximum amount of RAM that can be assigned to a VM in vSphere 5.5 is 1TB.
• CPU – the maximum number of vCPUs that can be assigned to a VM is 64. This is true for vSphere 5.5.
It’s very important to know that the CPU is not virtualized by the vmkernel. The hypervisor only assigns the different vCPUs to different cores on the physical system leveraging the CPU scheduler.

Virtual Disks
As we already know, a virtual machine can have virtual disks that are attached to a vSCSI adapter or a SATA controller, but we can add different types of virtual disks, and the type chosen is reflected directly in the physical storage.


Let’s start by explaining what Thin Provisioning is in vSphere. Thin Provisioning enables the hypervisor to assign disk space to the VMs on demand. This allows over-allocation of the physical storage. With Thin Provisioning the Guest OS (the operating system installed in the VM) sees the full allocated space, but in reality only the consumed space is allocated on the physical storage.

Example:
John creates a VM with a thin provisioned virtual disk. He assigns 80GB of space to that disk. John installs an Ubuntu guest OS and several applications that consume a total of 40GB of the 80GB allocated, so only 50 percent is used. Only 40GB of space is consumed on the physical disk/storage, as we can see in the following image:


Basically the hypervisor “tricks” the Guest OS and reports the total size of the disk without really occupying all the space in the physical storage.
Now that we know what Thin Provisioning is, let’s take a look at the currently supported types of virtual disks or VMDKs:


• Thick provision lazy zeroed – this type of disk allocates the total space assigned to it on the physical disk/layer (datastore). If there was previous data on the disk it does not get overwritten, due to the fact that with this type of disk there is no writing of zeroes to the blocks that constitute the virtual disk. In this case the “erasing” or writing of zeroes is performed on demand on first write.
• Thick provision eager zeroed – in this type of disk all the space is allocated on creation and a write of zeroes is performed on all blocks that are part of this virtual disk. Because of this the time to create an eager zeroed vmdk is longer.
• Thin provision – with this type of disk space is allocated on demand.

Now it’s time to talk about the different disk modes on vSphere. These modes define how a vmdk (virtual disk) will behave when we want to take a snapshot of the VM. The following modes can be configured:


• Dependent – With this mode the virtual disk (vmdk) is included in the snapshot, so if you delete the snapshot the changes are gone. In this mode, if we power off the VM the snapshot and changes are persistent.
• Independent persistent mode – In this mode the virtual disk is not affected by snapshots, so no delta file is created and every change is written directly to disk.
• Independent non-persistent – In this mode the virtual disk is affected by snapshots: a redo log (delta file) is created and any write or change is captured there. If you delete the snapshot or power off the VM, the changes are gone.
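
The VM files, disk types and disk modes described above can all be read from the files themselves: the .vmx is plain key = "value" text, and a .vmdk descriptor is a small text file whose extent line names the -flat or -delta data file and whose parentFileNameHint links a snapshot delta back to its base disk. The following script is an added example, not code from the page or from VMware. Its sample .vmx and descriptor contents are constructed, and the key names it relies on (memsize, numvcpus, sched.mem.min for the memory reservation, scsi0:0.mode, createType, parentFileNameHint, ddb.thinProvisioned) are assumptions to verify against a real VM’s files.

```python
# Added example, not code from the page or from VMware: inventory a VM from
# the text of its .vmx file and .vmdk descriptors.  Sample contents are
# constructed; keys such as sched.mem.min, scsi0:0.mode, parentFileNameHint
# and ddb.thinProvisioned are assumed to be the ones ESXi writes.
import re

KV_RE = re.compile(r'^\s*([\w.:]+)\s*=\s*"?([^"]*)"?\s*$')
EXTENT_RE = re.compile(r'^\s*(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)\s+"([^"]+)"')
DEVICE_RE = re.compile(r"^((scsi|sata|ide)\d+):(\d+)\.fileName$")

# Constructed .vmx: 2 vCPUs, 4 GB RAM with a 2 GB reservation, three disks
SAMPLE_VMX = """\
memsize = "4096"
numvcpus = "2"
sched.mem.min = "2048"
scsi0.virtualDev = "pvscsi"
scsi0:0.fileName = "web01-000001.vmdk"
scsi0:1.fileName = "web01_1.vmdk"
scsi0:1.mode = "independent-persistent"
scsi0:2.fileName = "web01_2.vmdk"
scsi0:2.mode = "independent-nonpersistent"
"""

# Constructed descriptors: a snapshot delta on top of a thin base, and a thick disk
SAMPLE_DESCRIPTORS = {
    "web01-000001.vmdk": """\
# Disk DescriptorFile
CID=1a2b3c4d
parentCID=fffffffe
createType="vmfsSparse"
parentFileNameHint="web01.vmdk"
RW 167772160 VMFSSPARSE "web01-000001-delta.vmdk"
""",
    "web01.vmdk": """\
CID=fffffffe
parentCID=ffffffff
createType="vmfs"
RW 167772160 VMFS "web01-flat.vmdk"
ddb.thinProvisioned = "1"
""",
    "web01_1.vmdk": """\
CID=0badcafe
parentCID=ffffffff
createType="vmfs"
RW 41943040 VMFS "web01_1-flat.vmdk"
""",
}

def parse_vmx(text):
    """The .vmx file is a flat list of key = "value" lines."""
    return {m.group(1): m.group(2) for m in map(KV_RE.match, text.splitlines()) if m}

def parse_vmdk_descriptor(text):
    """Split a descriptor into header fields, extent lines and ddb.* entries."""
    desc = {"extents": [], "ddb": {}}
    for line in text.splitlines():
        ext, kv = EXTENT_RE.match(line), KV_RE.match(line)
        if ext:  # RW <sectors> <type> "<data file>": the -flat or -delta file
            desc["extents"].append({"sectors": int(ext.group(2)), "file": ext.group(4)})
        elif kv and not line.lstrip().startswith("#"):
            target = desc["ddb"] if kv.group(1).startswith("ddb.") else desc
            target[kv.group(1)] = kv.group(2)
    return desc

def disk_chain(fname, descriptors):
    """Follow parentFileNameHint from the active delta down to the base disk."""
    chain = []
    while fname in descriptors and fname not in chain:
        chain.append(fname)
        fname = parse_vmdk_descriptor(descriptors[fname]).get("parentFileNameHint")
    return chain

def vm_inventory(vmx_text, descriptors):
    """Summarise CPU, RAM, reservation and every virtual disk of the VM."""
    cfg = parse_vmx(vmx_text)
    inv = {"vcpus": int(cfg.get("numvcpus", "1")), "memory_mb": int(cfg.get("memsize", "0")),
           "reservation_mb": int(cfg.get("sched.mem.min", "0")), "disks": {}}
    for key, fname in cfg.items():
        dev = DEVICE_RE.match(key)
        if not dev:
            continue
        ctrl, ctrl_type, unit = dev.groups()
        device = f"{ctrl}:{unit}"
        # No .mode key means the disk takes part in snapshots (the "Dependent" mode above).
        disk = {"file": fname, "adapter": cfg.get(f"{ctrl}.virtualDev", ctrl_type),
                "mode": cfg.get(f"{device}.mode", "dependent")}
        chain = disk_chain(fname, descriptors)
        if chain:
            parsed = [parse_vmdk_descriptor(descriptors[f]) for f in chain]
            disk["chain"] = chain  # delta(s) first, base disk last
            disk["snapshots"] = len(chain) - 1
            disk["size_gib"] = sum(e["sectors"] for e in parsed[-1]["extents"]) * 512 / 2**30
            disk["thin"] = parsed[-1]["ddb"].get("ddb.thinProvisioned") == "1"
            disk["data_files"] = [e["file"] for d in parsed for e in d["extents"]]
        inv["disks"][device] = disk
    return inv

if __name__ == "__main__":
    for device, disk in vm_inventory(SAMPLE_VMX, SAMPLE_DESCRIPTORS)["disks"].items():
        print(device, disk)
```

Running it prints one line per disk: scsi0:0 resolves to a chain of two descriptors (one snapshot delta on a thin 80 GiB base), scsi0:1 is a thick independent-persistent disk, and scsi0:2 has no descriptor on hand and is reported from the .vmx alone. An inventory built this way from the datastore files is a useful cross-check that a VM’s disks, snapshot chain and reservation match what the management layer reports.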
This article has been an introduction to VMware, defining what a virtual machine is, discussing the different resources that can be assigned to a virtual machine, an overview of VMware tools, converting a physical server into a virtual machine and best practices/guidelines for design.

iPhone Spy Data Recovery stick

The article will present a user with information and guidance on the iPhone Spy Data Recovery stick. The iPhone Spy Data Recovery stick has the following features:
- Quickly and Easily Download Even Deleted Information from an iPhone
The iPhone Spy Data Recovery Stick is the ultimate iPhone recovery tool for any user who wants to capture deleted information from any iPhone. The iPhone Spy Data Recovery Stick makes it easy to recover deleted text messages, contacts, call and web history, as well as photos, voice memos and calendar appointments — giving you a unique look into exactly what the user has been searching for, who they’ve been talking to, and even the types of pictures they’ve taken.
A user can:
• easily get access to deleted information
• download text messages and view calls made
• recover deleted contacts and calendar items
• view pictures and other multimedia
• gain access to map history to see locations searched on the iPhone’s map with exact GPS coordinates
• get access to notes, voice memos, multimedia files, and dynamic text data
• download data simply by attaching the iPhone and the iPhone Data Recovery Stick to a computer and pressing start
• save iPhone information on a computer and then move the information to other drives as a regular file
• recover data from his/her iPhone
• monitor iPhone text messaging and internet use
• restore deleted files

This stick looks like an ordinary USB flash drive – no one will suspect that it’s a professional grade forensics tool.
A user should note the requirements:
• an Apple iPhone
• Make sure iTunes “auto-sync” is turned off/disabled prior to extracting information (to avoid overwriting files)
• For iPhones that are password protected, you must have access to the password
• Computer running Windows 7, Vista, XP, 2003 or 2000

If a user has read this article then he/she would have learnt about the iPhone Spy Data Recovery stick.

iPhone iRecovery Stick

This article will provide a user with information on the iPhone iRecovery stick. iRecovery Stick is a revolutionary new product designed to recover deleted data from Apple iPhones, including iPhone 4. The iRecovery Stick (iRS) is a thumb-drive USB device, about the size of a stick of gum. This will help a user to recover deleted data as well as other data from the Apple iPhone.
- A user can connect the iPhone to a PC with the cable included with the iRS.
- After the iPhone is connected to the PC, a user can connect the stick to the computer through a USB port.
- After the two devices are connected, a user can then run the built-in software on the iRS and recover the data that he/she is looking for with the click of a button.

Please note that the data recovery process can take several hours to complete. The strength of using iRS is that it is capable of recovering different types of deleted data including text messages, contacts, call history, and calendar entries. The recovery process will also download the contents of the phone such as contacts, call history, text messages, pictures, and all other user data that can normally be backed up.
Due to the versatile recovery capabilities and easy-to-use interface associated with iRS, the iRecovery Stick is helpful for:
- those people who have accidentally deleted important files,
- employers who have issued iPhones to employees for business purposes, concerned parents, or anyone who may have a need to retrieve a deleted item from an iPhone.

If a user has read this article then he/she would have learnt about iPhone iRecovery stick.

iPad – Use Dropbox

The article will provide a user with information on how to use dropbox.

If a user wants to use a dropbox then he/she has to follow the guidance as provided below:

In order to use Dropbox, a user has to download the software and set up an account. A user can use the same email address and password on both the Mac and iPad to link them.

A user can move files from the Mac to the iPad.

If a user puts files or folders into the Mac’s Dropbox folder then he/she will notice them on the iPad. If Dropbox is installed on multiple Macs or PCs the files will be copied to each of them. A user can tap a file to open it in Dropbox. The program displays a number of file types. These files include images, music and video files, Microsoft Office files, PDFs, iWork files and HTML and text files.

Now a user can tap the Send icon in the toolbar if he/she wants to choose an application that can open the file. For example, if a user has a Word file and wants to view it in Pages then he/she can tap the file to view it with Dropbox, then tap the Send icon in the toolbar and then tap Pages. Dropbox will transfer the file to Pages and Pages will import it.

How to move files from iPad to the Mac?

If a user wants to move files or documents off of the iPad then he/she can use a similar method as mentioned above for iWork apps.  Alternatively a user can send the document by email.  Please note that the dropbox doesn’t sync files from the iPad to his/her Dropbox account. If the app a user is using to view the document works with File Sharing, as the iWork apps do, a user can copy it back to the Mac using iTunes.

Whichever way a user chooses, exchanging files with the iPad takes some effort, but the methods mentioned above will help a user to move files to and from the iPad without much trouble.

If a user followed the advice provided in this article, then he/she would have learnt about using Dropbox.

iPad – sharing files between Mac and iPad

The article will provide a user with information and guidance on sharing files between Mac and iPad.
The article will cover how to get documents off of the Mac and onto the iPad, and then after a user has edited them or created new ones on the iPad how to get them onto the Mac.  A user can follow two ways to do this.

Use iTunes
For apps that use Apple’s File Sharing, such as Apple’s iWork programs,
• a user can use iTunes 9.1.1 as a conduit to get files on and off the iPad.
• When the user’s iPad is connected to the Mac and iTunes is open, a user can then select the iPad in the iTunes Library and
• then click on iTunes’ Apps tab.
• Scroll down to the File Sharing section.
• A user will then see a list of apps that use File Sharing.
• Click on one and a user will see any files that he has already added to, or created on, the iPad.

Add and delete documents
Now a user can add documents to his/her iPad in two ways.
• Click the Add button, navigate to a document in the Open dialog box that appears, select the document, and then click Open.
• When a user clicks Sync, the file will copy to the iPad.
• Alternatively, a user can drag a file onto the File Sharing list when the appropriate app is selected in the Apps list.
• This method copies the files immediately; a user doesn’t need to click Sync for the copying to take place.
• To delete documents, select them in the file list and press Delete.

Import iWork documents
If a user is working with the iWork apps such as Pages, Numbers and Keynote just getting the document onto the iPad isn’t quite enough.
• A user will need to import the files before a user can view and edit them.
• In order to do this, for example in Pages,  a user has to open Pages on the iPad and tap the folder icon in the toolbar.
• A user will see a list of available documents.
• A user can now tap a document to import it.
• It will now show up in the My Documents list and a user can work with the file.

Avoid problems
Please note that iWork for iPad apps can’t import files with special characters in their titles, such as the forward-slash (/). If a user wants to import files then he/she should:
• remove any special characters from the file names before he/she tries to transfer the files.
• be aware that importing isn’t always a smooth process, because not all fonts and document elements will come through.

Export iWork documents
After a user has finished editing a document on the iPad, he/she should:
• export it before he/she can move it onto the computer using iTunes.
• Tap My Documents (or My Presentations, or My Spreadsheets, depending on the app).
• Open the document and then tap the send icon.
• Tap Export, and
• then choose a file format.
• If a user has made changes to a document that was imported using iTunes,
• a dialog box will ask if he/she wants to replace the original.
• A user should now tap Replace to do this.
• The app exports the file,
• and a user can now copy it from iTunes back to the Mac.
A user should note that other iPad apps may not require the import/export procedure.

Copy documents onto the Mac
If a user wants to copy documents from the iPad onto the Mac using File Sharing then he/she should:
• connect the iPad to the computer and open iTunes.
• Select the iPad in the iTunes Library and
• then click on iTunes’ Apps tab.
• Scroll down to the File Sharing section and
• select the appropriate app.
• Select the file in the list and click Save To.
• In the Open dialog box that appears, navigate to a folder where a user would like to save the file,
• and click Open. iTunes copies the file right away.
• A user can also click on a file in the documents list and drag it to a Finder window to copy it.

If a user followed this tutorial guide then he/she would have learnt about sharing files between Mac and iPad.

How to secure an iPad?

The article will provide information and guidance on securing an iPad.  A user can secure an iPad by looking at the following tips. 

Physical control
A user can keep an iPad secure by keeping it under physical control. In this way, a user can have control over device and data access, and many security concerns can be avoided.

Passcode
A user can use a passcode when taking the iPad out in public.  The passcode blocks unauthorised users from accessing the apps and information. However, the passcode only provides limited protection; it can be bypassed by users with long-term physical control of the device.

Limitations for passcode
There are various limitations for using passcode:
- If someone has prolonged control over a user’s iPad and access to a PC, they can connect to the iPad with a PC and remove the passcode. This will allow them to log onto the device.
- Another limitation of the passcode is that an attacker can also bypass encryption on the iPad the same way. Even if they don’t get access to the data, the attacker can reset the device, destroying the user’s data and converting the device to their own use.
- As the keypad that a user uses to enter the passcode always appears in the same place on the screen, a pattern of fingerprints may be left on the screen. This can lead to security risks.

Enable automatic data erasing
A user can configure the iPad to erase all user data on the device after 10 failed passcode attempts.  This all depends on how likely a user is going to exceed the 10 failed passcode attempts.

Restrict the capabilities of the iPad
A user can add controls that restrict certain functions on the device. It is a good idea to restrict Safari, YouTube, installing applications, and explicit media content.

Use a VPN
The iPad lets a user encrypt all the WiFi traffic using a Virtual Private Network (VPN) service.

Get MobileMe
A user has the opportunity to use MobileMe. Apple’s MobileMe service provides several tools for syncing, backing up and securing data, and can sound a tone and display a message on a lost iPad if a user has temporarily misplaced it. If the iPad is stolen, a user can access MobileMe from a computer and display the location of the device on a map in order to help find it. Another benefit of using MobileMe is keeping information in sync across multiple devices and sharing information through iDisk.
If the remote iPad is not connected via a cellular or Wi-Fi network, it will not receive the remote wipe commands, so a determined attacker would likely take the iPad off the network before they worked on the system. As an iPad supports Microsoft Exchange ActiveSync, the remote wipe can also be triggered via ActiveSync, which can enforce additional controls and extended password policies.

Share with care
As an iPad is a single-user device, a user doesn’t have the opportunity to create multiple user accounts on the iPad. In other words, because of this limitation a user cannot block access to information between accounts: everyone with access to the iPad has access to all the information on the device, including e-mail, browser data and personal information. There is a way to protect privacy by disabling the option to autofill browser fields, and regularly clearing browser history, cookies and cache. Another way is to keep information encrypted inside an app, for example using the 1Password software.

Software updates installation
In order to minimise security risk, a user should ensure that the system is current and up to date. The system should be connected to iTunes on a computer. If a system doesn’t have iTunes available or has not been connected for some time then the system could miss a critical update and therefore be at risk.

If a user has read this article then he/she would have learnt about securing an iPad.

SMTP – VRFY Normal Response

Welcome to the tutorial guide.  The tutorial will provide a user with guidance and instructions on VRFY response.

When normal (2yz or 551) responses are returned from a VRFY or EXPN request, the reply normally includes the mailbox name, i.e., “<local-part@domain>”, where “domain” is a fully qualified domain name, must appear in the syntax. In circumstances exceptional enough to justify violating the intent of this specification, free-form text may be returned. When addresses, rather than free-form debugging information, are returned, they should appear in pointed brackets in order to facilitate parsing by both computers and people.

EXPN and VRFY should return only valid domain addresses that are usable in SMTP RCPT commands.  Consequently, if an address implies delivery to a program or other system, the mailbox name used to reach that target must be given.  Paths (explicit source routes) should not be returned by VRFY or EXPN.

Please note that server implementations should support both VRFY and EXPN. For security reasons, implementations may provide local installations a way to disable either or both of these commands through configuration options or the equivalent. When these commands are supported, they are not required to work across relays when relaying is supported. Since they were both optional in RFC 821, they must be listed as service extensions in an EHLO response if they are supported.

What is VRFY or EXPN Success Response?
It is good to know what is VRFY or EXPN success response.  This is provided below: 

Please note that a server must not return a 250 code in response to a VRFY or EXPN command unless it has actually verified the address. In particular, a server must not return 250 if all it has done is to verify that the syntax given is valid. In that case, 502 (Command not implemented) or 500 (Syntax error, command unrecognised) should be returned. The implementation (in the sense of actually validating addresses and returning information) of VRFY and EXPN is strongly recommended, so implementations that return 500 or 502 for VRFY are not in full compliance with this specification.

There is a possibility that circumstances may arise where the address appears to be valid but cannot reasonably be verified in real time, particularly when a server is acting as a mail exchanger for another server or domain.

“Apparent validity” in this case would normally involve at least syntax checking and might involve verification that any domains specified were ones to which the host expected to be able to relay mail.  In these situations, reply code 252 should be returned. 

Semantics and Applications of EXPN

A user should note that EXPN is often very useful in debugging and understanding problems with mailing lists and multiple-target-address aliases. Some systems have attempted to use source expansion of mailing lists as a means of eliminating duplicates. The propagation of aliasing systems with mail on the Internet, for hosts (typically with MX and CNAME DNS records), for mailboxes (various types of local host aliases), and in various proxying arrangements, has made it nearly impossible for these strategies to work consistently, and mail systems should not attempt them.

If a user followed this tutorial guide then he/she would have learnt about the SMTP VRFY Normal Response and Semantics and application of EXPN.

SMTP – Commands for Debugging Addresses

Welcome to the tutorial guide.  The tutorial will provide a user with advice and guidance on commands for debugging addresses. 
SMTP provides commands to verify a user name or obtain the content of a mailing list.  This is done with the VRFY and EXPN commands, which have character string arguments.
For the VRFY command, the string is a user name or a user name and domain (see below). If a normal (i.e., 250) response is returned, the response may include the full name of the user and must include the mailbox of the user. It must be in either of the following forms:

 
      User Name <local-part@domain>
      local-part@domain

When a name that is the argument to VRFY could identify more than one mailbox, the server can either note the ambiguity or identify the alternatives. In other words, any of the following are legitimate responses to VRFY:

      553 User ambiguous

   or

      553- Ambiguous;  Possibilities are
      553-Shafkat Shahzad <sshahzad@foo.com>
      553-Anjum Shahzad <ashahzad@foo.com>
      553 Derek Smith <dsmith@foo.com>

   or

      553-Ambiguous;  Possibilities
      553- <sshahzad@foo.com>
      553- <ashahzad@foo.com>
      553 <dsmith@foo.com>

Under normal circumstances, a client receiving a 553 reply would be expected to expose the result to the user.  Use of exactly the forms given, and the “user ambiguous” or “ambiguous” keywords, possibly supplemented by extended reply codes will facilitate automated translation into other languages as needed.

Please note that a client that was highly automated or that was operating in another language than English, might choose to try to translate the response, to return some other indication to the user than the literal text of the reply, or to take some automated action such as consulting a directory service for additional information before reporting to the user.

For the EXPN command, the string identifies a mailing list, and the successful (i.e., 250) multiline response can include the full name of the users and must give the mailboxes on the mailing list.

In some hosts the distinction between a mailing list and an alias for a single mailbox is a bit fuzzy, since a common data structure may hold both types of entries, and it is possible to have mailing lists containing only one mailbox.

If a request is made to apply VRFY to a mailing list, a positive response can be given if a message so addressed would be delivered to everyone on the list, otherwise an error should be reported (e.g., “550 That is a mailing list, not a user” or “252 Unable to verify members of mailing list”).  If a request is made to expand a user name, the server can return a positive response consisting of a list containing one name, or an error can be reported (e.g., “550 That is a user name, not a mailing list”).

In the case of a successful multiline reply (normal for EXPN) exactly one mailbox is to be specified on each line of the reply.  The case of an ambiguous request is discussed above.

“User name” is a fuzzy term and has been used deliberately. An implementation of the VRFY or EXPN commands must include at least recognition of local mailboxes as “user names”. However, since current Internet practice often results in a single host handling mail for multiple domains, hosts, especially hosts that provide this functionality, should accept the “local-part@domain” form as a “user name”; hosts can also choose to recognize other strings as “user names”.

The case of expanding a mailbox list requires a multiline reply, such as:

      C: EXPN Example-People
      S: 250-Rohail Khan <Rkhan@isi.edu>
      S: 250-Malik Riaz <Mriaz@physics.foo-u.edu>
      S: 250 Sheikh S Alam <SSAlam@specific.generic.com>

   or

      C: EXPN Executive-Washroom-List
      S: 550 Access Denied to You.

The character string arguments of the VRFY and EXPN commands cannot be further restricted due to the variety of implementations of the user name and mailbox list concepts. On some systems it may be appropriate for the argument of the EXPN command to be a file name for a file containing a mailing list, but again there are a variety of file naming conventions in the Internet. Similarly, historical variations in what is returned by these commands are such that the response should be interpreted very carefully, if at all, and should generally only be used for diagnostic purposes.

If you followed this tutorial guide then you would have learnt about Commands for Debugging Addresses.

The SMTP Procedures

Welcome to the tutorial guide.  The tutorial will provide a user with advice and guidance about the descriptions of the procedures used in SMTP:

  • session initiation,
  • the mail transaction,
  • forwarding mail,
  • verifying mailbox names and expanding mailing lists, and
  • the opening and closing exchanges.

Session Initiation

A user should note that SMTP session is initiated when a client opens a connection to a server and the server responds with an opening message.

SMTP server implementations can include identification of their software and version information in the connection greeting reply after the 220 code, a practice that permits more efficient isolation and repair of any problems.  Implementations MAY make provision for SMTP servers to disable the software and version announcement where it causes security concerns.  While some systems also identify their contact point for mail problems, this is not a substitute for maintaining the required “postmaster” address. 

The SMTP protocol allows a server to formally reject a transaction while still allowing the initial connection as follows:

A 554 response can be given in the initial connection opening message instead of the 220. A server taking this approach should wait for the client to send a QUIT before closing the connection and SHOULD respond to any intervening commands with “503 bad sequence of commands”. Since an attempt to make an SMTP connection to such a system is probably in error, a server returning a 554 response on connection opening SHOULD provide enough information in the reply text to facilitate debugging of the sending system.

Client Initiation

After the server has sent the welcoming message and the client has received it, the client normally sends the EHLO command to the server, indicating the client’s identity.  In addition to opening the session, use of EHLO indicates that the client is able to process service extensions and requests that the server provide a list of the extensions it supports.  Older SMTP systems which are unable to support service extensions and contemporary clients which do not require service extensions in the mail session being initiated can use HELO instead of EHLO.  Servers should not return the extended EHLO-style response to a HELO command.  For a particular connection attempt, if the server returns a “command not recognized” response to EHLO, the client should be able to fall back and send HELO.

In the EHLO command the host sending the command identifies itself; the command may be interpreted as saying “Hello, I am <domain>” (and, in the case of EHLO, “and I support service extension requests”).

Mail Transactions

There are three steps to SMTP mail transactions.  The transaction starts with a MAIL command which gives the sender identification.  A series of one or more RCPT commands follows giving the receiver information.  Then a DATA command initiates transfer of the mail data and is terminated by the “end of mail” data indicator, which also confirms the transaction.

The first step in the procedure is the MAIL command.

      MAIL FROM:<reverse-path> [SP <mail-parameters> ] <CRLF>

This command tells the SMTP-receiver that a new mail transaction is  starting and to reset all its state tables and buffers, including any recipients or mail data.  The <reverse-path> portion of the first or only argument contains the source mailbox (between “<” and “>” brackets), which can be used to report errors.  If accepted, the SMTP server returns a 250 OK reply.  If the mailbox specification is not acceptable for some reason, the server MUST return a reply indicating whether the failure is permanent (i.e., will occur again if the client tries to send the same address again) or temporary (i.e., the address might be accepted if the client tries again later).  Despite the apparent scope of this requirement, there are circumstances in which the acceptability of the reverse-path may not be determined until one or more forward-paths (in RCPT commands) can be examined.  In those cases, the server MAY reasonably accept the reverse-path (with a 250 reply) and then report problems after the forward-paths are received and examined.  Normally, failures produce 550 or 553 replies.

A user should note that historically, the <reverse-path> can contain more than just a mailbox, however, contemporary systems SHOULD NOT use source routing.  The optional <mail-parameters> are associated with negotiated SMTP service extensions. 

The second step in the procedure is the RCPT command.

      RCPT TO:<forward-path> [ SP <rcpt-parameters> ] <CRLF>

The first or only argument to this command includes a forward-path (normally a mailbox and domain, always surrounded by “<” and “>” brackets) identifying one recipient.  If accepted, the SMTP server returns a 250 OK reply and stores the forward-path.  If the recipient is known not to be a deliverable address, the SMTP server returns a 550 reply, typically with a string such as “no such user – ” and the mailbox name (other circumstances and reply codes are possible).

This step of the procedure can be repeated any number of times.  The <forward-path> can contain more than just a mailbox.  Historically, the <forward-path> can be a source routing list of hosts and the destination mailbox; however, contemporary SMTP clients should not utilize source routes.  Servers MUST be prepared to encounter a list of source routes in the forward path, but SHOULD ignore the routes or MAY decline to support the relaying they imply.  Similarly, servers MAY decline to accept mail that is destined for other hosts or systems.  These restrictions make a server useless as a relay for clients that do not support full SMTP functionality.  Consequently, restricted-capability clients MUST NOT assume that any SMTP server on the Internet can be used as their mail processing (relaying) site.  If a RCPT command appears without a previous MAIL command, the server MUST return a 503 “Bad sequence of commands” response.  The optional <rcpt-parameters> are associated with negotiated SMTP service extensions.

The third step in the procedure is the DATA command (or some alternative specified in a service extension).

DATA <CRLF>

If accepted, the SMTP server returns a 354 Intermediate reply and considers all succeeding lines up to but not including the end of mail data indicator to be the message text.  When the end of text is successfully received and stored the SMTP-receiver sends a 250 OK reply.

Since the mail data is sent on the transmission channel, the end of mail data must be indicated so that the command and reply dialog can be resumed.  SMTP indicates the end of the mail data by sending a line containing only a “.” (period or full stop).  A transparency procedure is used to prevent this from interfering with the user’s text.

The end of mail data indicator also confirms the mail transaction and tells the SMTP server to now process the stored recipients and mail data.  If accepted, the SMTP server returns a 250 OK reply.  The DATA command can fail at only two points in the protocol exchange:

-  If there was no MAIL, or no RCPT, command, or all such commands were rejected, the server MAY return a “command out of sequence” (503) or “no valid recipients” (554) reply in response to the DATA command.  If one of those replies (or any other 5yz reply) is received, the client MUST NOT send the message data; more generally, message data MUST NOT be sent unless a 354 reply is received.

-  If the verb is initially accepted and the 354 reply issued, the DATA command should fail only if the mail transaction was incomplete (for example, no recipients), or if resources were unavailable (including, of course, the server unexpectedly becoming unavailable), or if the server determines that the message should be rejected for policy or other reasons.

A user will note that in practice, some servers do not perform recipient verification until after the message text is received.  These servers SHOULD treat a failure for one or more recipients as a “subsequent failure” and return a mail message.  Using a “550 mailbox not found” (or equivalent) reply code after the data are accepted makes it difficult or impossible for the client to determine which recipients failed.

When RFC 822 format [7, 32] is being used, the mail data include the memo header items such as Date, Subject, To, Cc, From.  Server SMTP systems SHOULD NOT reject messages based on perceived defects in the RFC 822 or MIME [12] message header or message body.  In particular, they MUST NOT reject messages in which the numbers of Resent-fields do not match or Resent-to appears without Resent-from and/or Resent-date.
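The client side of the dialogue described in this section, as an added example that is not code from the original page: it checks the opening message (220, or 554 followed by QUIT), sends EHLO and falls back to HELO on a “command not recognized” reply, runs the MAIL / RCPT / DATA steps with the reply codes given above, only sends message text after a 354, and applies the transparency procedure for lines beginning with “.”. The server replies come from a constructed transcript (a scripted stand-in for a socket), and every host and mailbox name is made up.

```python
# Added example (not from the page): client side of the dialogue described above,
# driven by a constructed server transcript; hosts and mailboxes are made up.
from collections import deque


class SMTPError(Exception): pass


class ScriptedServer:
    """Socket stand-in: replays constructed replies and records lines sent."""
    def __init__(self, replies):
        self.replies, self.sent = deque(replies), []
    def send(self, line):
        self.sent.append(line)
    def readline(self):
        if not self.replies:
            raise SMTPError("server closed the connection")
        return self.replies.popleft()


def read_reply(conn):
    """One reply: '250-' lines continue it, '250 ' (or bare '250') ends it."""
    lines = []
    while True:
        raw = conn.readline()
        if len(raw) < 3 or not raw[:3].isdigit() or raw[3:4] not in ("", " ", "-"):
            raise SMTPError(f"malformed reply: {raw!r}")
        lines.append(raw[4:])
        if raw[3:4] != "-":
            return int(raw[:3]), lines


def dot_stuff(body):
    """Transparency: a body line starting with '.' gets one more '.' in front,
    so user text can never be mistaken for the lone-'.' end-of-mail indicator."""
    return [("." + ln) if ln.startswith(".") else ln for ln in body.split("\n")]


def send_message(conn, client_host, sender, recipients, body):
    """Run one session; return the extensions offered and per-recipient outcome."""
    code, text = read_reply(conn)
    if code == 554:  # rejected in the greeting: still QUIT rather than hang up
        conn.send("QUIT")  # the 221 reply to QUIT is not awaited in this example
        raise SMTPError("rejected at connection: " + " ".join(text))
    if code != 220:
        raise SMTPError(f"unexpected greeting {code}")
    conn.send(f"EHLO {client_host}")
    code, text = read_reply(conn)
    extensions = text[1:] if code == 250 else []  # first line is the server's domain
    if code in (500, 502):  # "command not recognized": fall back to HELO
        conn.send(f"HELO {client_host}")
        code, text = read_reply(conn)
    if code != 250:
        raise SMTPError(f"EHLO/HELO rejected with {code}")
    conn.send(f"MAIL FROM:<{sender}>")  # new transaction; server resets its state
    code, text = read_reply(conn)
    if code != 250:
        raise SMTPError(f"MAIL rejected with {code}: {' '.join(text)}")
    accepted, failed = [], {}
    for rcpt in recipients:  # 250 = stored, 251 = stored and will be forwarded;
        conn.send(f"RCPT TO:<{rcpt}>")  # any other reply fails this recipient only
        code, text = read_reply(conn)
        if code in (250, 251):
            accepted.append(rcpt)
        else:
            failed[rcpt] = (code, " ".join(text))
    if not accepted:
        conn.send("QUIT")
        raise SMTPError("no recipient accepted; DATA not attempted")
    conn.send("DATA")
    code, text = read_reply(conn)
    if code != 354:  # e.g. 503 or 554: message data MUST NOT be sent
        conn.send("QUIT")
        raise SMTPError(f"DATA refused with {code}; message text withheld")
    for line in dot_stuff(body):
        conn.send(line)
    conn.send(".")  # end-of-mail indicator; this also confirms the transaction
    code, text = read_reply(conn)
    if code != 250:
        raise SMTPError(f"message not accepted: {code} {' '.join(text)}")
    conn.send("QUIT")
    return {"extensions": extensions, "accepted": accepted, "failed": failed}


# Constructed sample transcript: one recipient stored, one rejected with 550.
SAMPLE_REPLIES = [
    "220 mail.example.net ESMTP ready",
    "250-mail.example.net greets client.example.org",
    "250-SIZE 10240000",
    "250 8BITMIME",
    "250 OK",                                 # MAIL FROM
    "250 OK",                                 # RCPT alice
    "550 no such user - nobody@example.net",  # RCPT nobody
    "354 Start mail input; end with <CRLF>.<CRLF>",
    "250 OK queued",
]


def demo():
    """Run the constructed transcript; returns (result, lines the client sent)."""
    server = ScriptedServer(SAMPLE_REPLIES)
    body = "Subject: test\n\n.leading dot gets stuffed\nplain line"
    return send_message(server, "client.example.org", "bob@example.org",
                        ["alice@example.net", "nobody@example.net"], body), server.sent
```

Replacing `ScriptedServer` with a real socket wrapper (send appending CRLF, readline stripping it) is all that separates this from a live client; the decision points are the ones the text spells out, so a 550 on one RCPT leaves the other recipients in the transaction, while anything other than 354 after DATA withholds the message text entirely.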

Forwarding for Address Correction or Updating

Forwarding support is most often required to consolidate and simplify addresses within, or relative to, some enterprise and less frequently to establish addresses to link a person’s prior address with current one.  Silent forwarding of messages (without server notification to the sender), for security or non-disclosure purposes, is common in the contemporary Internet.

In both the enterprise and the “new address” cases, information hiding (and sometimes security) considerations argue against exposure of the “final” address through the SMTP protocol as a side-effect of the forwarding activity.  This may be especially important when the final address may not even be reachable by the sender.

In particular:

*  Servers MAY forward messages when they are aware of an address change.  When they do so, they MAY either provide address-updating information with a 251 code, or may forward “silently” and return a 250 code.  But, if a 251 code is used, they MUST NOT assume that the client will actually update address information or even return that information to the user.

*  Alternately, servers MAY reject or bounce messages when they are not deliverable when addressed.  When they do so, they MAY either provide address-updating information with a 551 code, or may reject the message as undeliverable with a 550 code and no address-specific information.  But, if a 551 code is used, they MUST NOT assume that the client will actually update address information or even return that information to the user.

SMTP server implementations that support the 251 and/or 551 reply codes are strongly encouraged to provide configuration mechanisms so that sites which conclude that they would undesirably disclose information can disable or restrict their use.
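The configuration mechanism just described, as an added example and not code from the original page: a server-side function that chooses the RCPT reply for an aliased or moved mailbox, with a switch that selects between the address-revealing 251/551 forms and the non-disclosing 250/550 forms. The alias tables and mailbox names are constructed sample data.

```python
# Added example (not from the page): server-side choice of RCPT reply for
# forwarded and moved addresses, with the disclosure switch the text calls for.
import re

# Constructed sample data: local mailboxes, enterprise aliases delivered here,
# and mailboxes that have moved to another system.
LOCAL = {"alice@example.net", "carol@example.net"}
FORWARDS = {"sales@example.net": "alice@example.net"}
MOVED = {"bob@example.net": "bob@partner.example.org"}

# A forward-path is always enclosed in "<" and ">"; optional parameters may follow.
_RCPT = re.compile(r"^RCPT TO:<([^<>\s]+)>(?: .*)?$", re.IGNORECASE)


def rcpt_reply(mailbox, disclose_updates=False):
    """Reply line for a parsed RCPT mailbox.

    disclose_updates=True uses 251/551, whose text carries the updated address.
    The default keeps that information private: forwarding is silent (250) and
    a moved address gets exactly the same 550 text as an unknown one, so the
    reply does not reveal that the address ever existed or where it went."""
    if mailbox in LOCAL:
        return "250 OK"
    if mailbox in FORWARDS:
        if disclose_updates:
            return f"251 User not local; will forward to <{FORWARDS[mailbox]}>"
        return "250 OK"
    if mailbox in MOVED and disclose_updates:
        return f"551 User not local; please try <{MOVED[mailbox]}>"
    return "550 No such user here"


def handle_rcpt(command, disclose_updates=False):
    """Parse one RCPT command line and return the reply line to send."""
    m = _RCPT.match(command)
    if not m:
        return "501 Syntax error in parameters or arguments"
    return rcpt_reply(m.group(1).lower(), disclose_updates)


def reveals_address(reply):
    """True if a reply line carries an updated address in its text."""
    return reply[:3] in ("251", "551") and "<" in reply
```

With the switch off, the only thing a client can learn from the reply is whether the recipient was accepted, which is the information-hiding outcome the text argues for; with it on, both 251 and 551 expose the final address, which is why a site should be able to turn them off per the paragraph above.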

If you read and followed the tutorial guide then you would have learnt about the SMTP procedures.

What is Simple Mail Transfer Protocol (SMTP)

The objective of the Simple Mail Transfer Protocol (SMTP) is to transfer mail reliably and efficiently.

SMTP is independent of the particular transmission subsystem and requires only a reliable ordered data stream channel.  While this document specifically discusses transport over TCP, other transports are possible.  Please note that an important feature of SMTP is its capability to transport mail across networks, usually referred to as “SMTP mail relaying”.

A network consists of the mutually-TCP-accessible hosts on the public Internet, the mutually-TCP-accessible hosts on a firewall-isolated TCP/IP Intranet, or hosts in some other LAN or WAN environment utilizing a non-TCP transport-level protocol.

By using SMTP, a process can transfer mail to another process on the same network or to some other network via a relay or gateway process accessible to both networks.

In this way, a mail message may pass through a number of intermediate relay or gateway hosts on its path from sender to ultimate recipient.  The Mail eXchanger mechanisms of the domain name system [22, 27] are used to identify the appropriate next-hop destination for a message being transported.