SquirrelMail  
Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties





Junk Email Filter






Security Notice
Phishing campain
Version 1.4.15
Security Upgrade

This is a small text written by me, Fredrik Jervfors, to be used as a reference when trying to explain mail systems to the end users. Comments are welcome at HowMailSystemsWorkComments?.


How mail systems work

The mail system parts

A mail system consists of many parts. There are plenty of servers that are needed to make it all happen, and the end users needs clients to take advantage of the services provided by the servers.

First of all, a mail man who can carry the mail to the post office is needed. That’s called a Mail Transfer Agent (MTA). The MTA only knows one language when talking to other MTAs and other system parts: the Simple Mail Transfer Protocol (SMTP).

At the post office, the mail can be filtered to prevent you from receiving spam, viruses and then put in the right mailbox. This post office is called Mail Delivery Agent (MDA). The MDA might also be able to send out auto respond messages (sometimes called vacation messages). In some post offices, every user can have a number of mailboxes. These mailboxes are often called “folders” by the end users, but in reality they are a collection of mailboxes.

Now you can walk to the post office and read your mail, but since this is the Internet you don’t actually have to go to the post office. Enter the Mail User Agent (MUA), often called a mail client. This wonderful piece of software makes it possible to read the mail at the post office without having you walking over there. It’s like the post office had a camera and you a TV set. When the post office clerk holds your mail up in front of the camera, you can read it while sitting in your TV sofa. The mail never leaves the post office, but you can read it all the same! The language you use to tell the post office clerk which mail to show you, and where to put it after you read it is called Internet Message Access Protocol (IMAP) and the post office clerk showing you your mails is called IMAP server. IMAP is great; since it lets you read your mail wherever you are. All you need is your TV – sorry, I mean MUA. And don’t worry about not being able to speak IMAP yourself – your MUA will help you with it.

There are also simpler post offices which can’t handle the remote reading feature. Those post offices only let you get your mail and store it in your home. The MUA will act as your servant, getting your mail for you and putting it in your home. The language used when your MUA speaks to the post office to get your mail is called Post Office Protocol (POP).

But sometimes you want to write mails as well, and when they are written they need to be delivered. Who will take care of that? The easy way is to let your MUA talk to a Mail Submission Agent (MSA). The MSA will take the mail and hand it over to the MTA, who will then deliver it to a post office.

If you have a mail system, you most likely have users with mail addresses. Those users and addresses are defined in a user database, which is accessible by all other system part for verification purposes.

Ok, so now we know that there are six different parts in a mail system: the MTA, the MDA, the MUA, the MSA, the IMAP and/or POP server, and the user database. All six parts have to be there to have a complete mail system, but all six parts don’t have to be different pieces of software. Some software solves more than one task. The MTA and MSA can be integrated into the same piece of software for instance.

HowMailSystemsWork.png

Illustration by Steve Brown

Which parts can SquirrelMail solve?

What about SquirrelMail then? Where does it fit into the picture? Well, SquirrelMail is a MUA. Basically there are two different kinds of MUA: the kind you install on your own computer, i.e. local clients, and the kind which is installed at a web server. SquirrelMail belongs to the latter category, while Microsoft Outlook, Mozilla Thunderbird, and several others belong to the former. Local clients often speak both POP and IMAP, but web clients usually speak IMAP only.

Why isn’t SquirrelMail responsible for the whole service?

It’s a common mistake to think that SquirrelMail is responsible for the MTA, MDA, and MSA parts as well, when in fact that’s not the case. SquirrelMail is a MUA, and nothing more. There is no SquirrelMail mail service. Just because SquirrelMail is the part that the end users see, some end users think that SquirrelMail is the complete system. Why do people make that mistake? The answer is branding. Let’s take Hotmail as an example. Hotmail is not an MUA – it’s the whole service. It consists of the six system parts: MTA, MDA, IMAP server, a web based MUA, MSA, and a user database. There are several products at the market which can act as the parts. Which of these products are used in the Hotmail case? I don’t know and I don’t really care either. Neither do the Hotmail end users. Companies who deliver services at the Internet are called Internet service providers (ISP). Some ISP gives you access to the Internet through dial-up, ISDN, ADSL, or other means. Others only provide services to people who are already connected to the Internet, such as web based mail services. Hotmail is that latter kind of ISP. In the context of this document, schools and employers providing mail services to the faculty, students, and their employees are also considered ISPs.

What functionality belongs where?

Preventing the end users to use a service for spamming should be done in the MSA, since the MSA is the last stop before handing the mails over to the MTA for delivery. Some spammers have their own MSA, so there is also a need to filter incoming mails for spam and viruses. Filtering incoming mail is done in the MDA. If you want to add users you have to do that in the user database.

So what can SquirrelMail do?

Well, as mentioned before, SquirrelMail acts as the MUA, and if the other system parts allow it, SquirrelMail may also be used to send user configuration settings such as filtering rules, auto respond messages and such to the other systems parts. SquirrelMail is the interface between the end users and the rest of the system.

But everything in my email says SquirrelMail on it. What gives?

Let’s say you want to start a company to compete with Hotmail. Instead of developing a mail system from scratch, you decide to use off the shelf products to keep the costs down. There are a large number of products at the market, but regardless of which MTA, MDA, IMAP server, MSA, and user database you choose, you also need to provide a MUA if you want your end users to have a web based interface. Then you have to configure all system parts so they work well together. Finally you have to brand your service. You decide to use Scablorf as your brand name, even though your market department tell you otherwise. Your main argument is that Yahoo made it to the top, even though “yahoo” means “a boorish, crass, or stupid person”. Clearly, Scablorf is the better choice, since it’s not insulting in any way, and you’re the manager so it’s up to you to decide.

This is where things start to go wrong. You forgot to put your brand name at the front of your service! How could that happen? Well, you decided to use SquirrelMail as your web based MUA, but you didn’t reconfigure it to say Scablorf. SquirrelMail comes preconfigured under its own name, but an ISP who wants to use it as a part of their own service should reconfigure it to show their own brand name. So why doesn’t the ISP do that? I don’t know, but the result is that many people blame SquirrelMail when the problem is with the configuration of the MTA, the MDA, the IMAP server, the MSA, or the user database. Some of them even direct their support questions to the SquirrelMail Project Team, even though the service they are using belongs to some other company.

What about support then?

All questions from end users should be directed to their ISP. Only the ISP knows how the ISP’s service is built and configured. No one else does. The SquirrelMail Project Team provides free, best effort, support to ISPs who have problems they can’t solve themselves, and there are even commercial companies that are willing to sell SquirrelMail support with Service Level Agreements (SLA). So once again: if you’re an end users, contact your ISP; if you are representing an ISP you’re free to contact the SquirrelMail Project Team.

© 1999-2016 by The SquirrelMail Project Team