Suricata SMTP protocol parser source notes, part 0: a brief introduction to the SMTP protocol format

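This is the first post in a series annotating the Suricata SMTP protocol parser source. It gives a brief introduction to the SMTP protocol format; most of the format material was copied from the web.

1. SMTP client-server interaction

Common client commands:

HELO/EHLO  open the session

AUTH LOGIN  authenticate

MAIL FROM:  the sender's email address

RCPT TO:  the recipient's email address; several addresses can be given to send to more than one person, so this is a list

DATA  the message content, e.g. "hello, 你好"

QUIT  end the session

Server reply codes: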

220 Service ready

221 Service closing transmission channel

250 Requested mail action okay, completed

354 Start mail input; end with <CRLF>.<CRLF>

2. Mail header data example (copied from the web)

The following content is from:

C: telnet SMTP.163.com 25 // connect to the 163 mail server with telnet
S: 220 163.com Anti-spam GT for Coremail System // 220 is the reply code; the text after it is the greeting
C: HELO SMTP.163.com // EHLO does everything HELO does and is mainly used to query the extensions the server supports
S: 250-mail
S: 250-AUTH LOGIN PLAIN
S: 250-AUTH=LOGIN PLAIN
S: 250 8BITMIME // on the last line of the reply the code is followed by a space, not a '-'
C: AUTH LOGIN // request authentication
S: 334 dxNlcm5hbWU6 // server reply: base64-encoded "Username"
C: Y29zdGFAYW1heGl0Lm5ldA== // the base64-encoded user name
S: 334 UGFzc3dvcmQ6 // base64-encoded "Password:"
C: MTk4MjIxNA== // the base64-encoded password sent by the client
S: 235 auth successfully // authentication succeeded
C: MAIL FROM: bripengandre@163.com // sender mailbox
S: 250 … . // "…" stands for omitted human-readable text
C: RCPT TO: bripengandre@smail.hust.edu.cn // recipient mailbox
S: 250 … . // "…" stands for omitted human-readable text
C: DATA // ask to send the message data
S: 354 Enter mail, end with "." on a line by itself
C: Enjoy Protocol Studing
C: .
S: 250 Message sent
C: QUIT // close the connection
S: 221 Bye
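
An added example, not part of the original post and not Suricata's code: a small Python state tracker for a session written in the C:/S: layout above. It shows what a passive SMTP parser must track: a reply ends on the line with a space after the code, client lines that follow a 334 are base64 credentials rather than commands (base64 is only an encoding, so they are readable on an unencrypted connection), and DATA runs until a lone "."; the dot-unstuffing step goes beyond what the post covers. The session, host names and credentials are constructed placeholders.

```python
import base64

def b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed session; hosts, mailbox and password are made-up placeholders.
SAMPLE = f"""S: 220 mx.example.test ready
C: EHLO client.example.test
S: 250-AUTH LOGIN PLAIN
S: 250 8BITMIME
C: AUTH LOGIN
S: 334 {b64('Username:')}
C: {b64('alice@example.test')}
S: 334 {b64('Password:')}
C: {b64('not-a-real-password')}
S: 235 auth successfully
C: MAIL FROM:<alice@example.test>
S: 250 OK
C: RCPT TO:<bob@example.test>
S: 250 OK
C: DATA
S: 354 go ahead
C: Hello
C: ..dot-stuffed line
C: .
S: 250 Message sent
C: QUIT
S: 221 Bye"""

def parse_session(text):
    out = {"commands": [], "replies": [], "auth": [], "body": []}
    state, reply = "cmd", []                  # state: cmd | auth | data
    for side, line in (r.split(": ", 1) for r in text.splitlines()):
        if side == "S":
            reply.append(line[4:])            # text after "NNN " or "NNN-"
            if line[3:4] != "-":              # no '-' after the code: final line
                code = int(line[:3])
                out["replies"].append((code, reply))
                reply = []
                state = {334: "auth", 354: "data"}.get(code, "cmd")
        elif state == "auth":                 # base64 is encoding, not secrecy
            out["auth"].append(base64.b64decode(line).decode())
        elif state == "data" and line != ".":
            out["body"].append(line[1:] if line.startswith(".") else line)
        elif state == "data":                 # lone "." ends the message
            state = "cmd"
        else:
            out["commands"].append(line.split()[0].upper())
    return out
```
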

3. Mail body MIME example (copied from the web)

The following content is from:

Date: Mon, 29 Jun 2009 18:39:03 +0800
From: "=?gb2312?B?26zQocHB?=" gaoxl@legendsec.com
To: "moreorless" moreorless@live.cn
Cc: "gxl0620" gxl0620@163.com
BCC: "=?gb2312?B?26zQocHB?=" venus.oso@gmail.com
Subject: attach
Message-ID: 200906291839032504254@legendsec.com
X-mailer: Foxmail 6, 15, 201, 21 [cn]
Mime-Version: 1.0
Content-Type: multipart/mixed;
    boundary="=====001_Dragon777814155473====="

This is a multi-part message in MIME format.

--=====001_Dragon777814155473=====
Content-Type: multipart/alternative;
    boundary="=====003_Dragon777814155473====="

--=====003_Dragon777814155473=====
Content-Type: text/plain;
    charset="gb2312"
Content-Transfer-Encoding: base64

DQoNCjIwMDktMDYtMjkgDQoNCg0KDQrbrNChwcEgDQo=

--=====003_Dragon777814155473=====
Content-Type: text/html;
    charset="gb2312"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWdi
MjMxMiIgaHR0cC1lcXVpdj1Db250ZW50LVR5cGU+DQo8TUVUQSBuYW1lPUdFTkVSQVRPUiBjb250
ZW50PSJNU0hUTUwgOC4wMC42MDAxLjE4NzAyIj48TElOSyByZWw9c3R5bGVzaGVldCANCmhyZWY9
IkJMT0NLUVVPVEV7bWFyZ2luLVRvcDogMHB4OyBtYXJnaW4tQm90dG9tOiAwcHg7IG1hcmdpbi1M
ZWZ0OiAyZW19Ij48L0hFQUQ+DQo8Qk9EWSBzdHlsZT0iTUFSR0lOOiAxMHB4OyBGT05ULUZBTUlM
WTogdmVyZGFuYTsgRk9OVC1TSVpFOiAxMHB0Ij4NCjxESVY+PEZPTlQgc2l6ZT0yIGZhY2U9VmVy
ZGFuYT48L0ZPTlQ+Jm5ic3A7PC9ESVY+DQo8RElWPjxGT05UIHNpemU9MiBmYWNlPVZlcmRhbmE+
PC9GT05UPiZuYnNwOzwvRElWPg0KPERJViBhbGlnbj1sZWZ0PjxGT05UIGNvbG9yPSNjMGMwYzAg
c2l6ZT0yIGZhY2U9VmVyZGFuYT4yMDA5LTA2LTI5IA0KPC9GT05UPjwvRElWPjxGT05UIHNpemU9
MiBmYWNlPVZlcmRhbmE+DQo8SFIgc3R5bGU9IldJRFRIOiAxMjJweDsgSEVJR0hUOiAycHgiIGFs
aWduPWxlZnQgU0laRT0yPg0KDQo8RElWPjxGT05UIGNvbG9yPSNjMGMwYzAgc2l6ZT0yIGZhY2U9
VmVyZGFuYT48U1BBTj7brNChwcE8L1NQQU4+IA0KPC9GT05UPjwvRElWPjwvRk9OVD48L0JPRFk+
PC9IVE1MPg0K

--=====003_Dragon777814155473=====--

--=====001_Dragon777814155473=====
Content-Type: application/octet-stream;
    name="readme.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="readme.txt"

YWJjZGVkZg==

--=====001_Dragon777814155473=====--
