Below is a 30–40 minute SMTP lesson plan suitable for college-level networking courses. It includes: purpose, tools, installations, commands, protocol operations, Telnet interaction, data formats, and references to typical Wireshark visuals (without reproducing copyrighted images).
📘 SMTP Lesson Plan (30–40 Minutes)
Topic: Simple Mail Transfer Protocol (SMTP)
Audience: Networking / IT Students
Goal: Understand SMTP purpose, workflow, commands, install & test SMTP on Ubuntu, and observe the protocol using Telnet & Wireshark.
1. Introduction (3–5 minutes)
What is SMTP?
- SMTP = Simple Mail Transfer Protocol
- Purpose: Transfers email from client → server → another server
- Operates at Application Layer (Layer 7)
- Uses TCP port:
  - 25 (server-to-server)
  - 587 (submission with TLS)
  - 465 (legacy SSL)
When SMTP is used
- Sending email from a mail client (like Thunderbird, Outlook).
- Relaying mail between mail servers.
- Transporting server-generated notifications (cron, monitoring).
2. Tools Required (1–2 minutes)
| Tool | Purpose |
|---|---|
| Ubuntu Server | Install and run SMTP daemon (Postfix). |
| Telnet or Netcat | Manual SMTP interaction. |
| Wireshark | Capture & analyze SMTP packets. |
| DNS Tools (dig/nslookup) | Check MX records for mail routing. |
3. Ubuntu Setup (5 minutes)
Install Postfix SMTP Server
sudo apt update
sudo apt install postfix
When prompted:
- Select Internet Site
- System mail name: yourdomain.test (or localhost)
Check Postfix Status
sudo systemctl status postfix
Check SMTP is listening
sudo ss -tlnp | grep ':25 '
Log file for debugging
sudo tail -f /var/log/mail.log
4. SMTP Protocol Basics (5 minutes)
SMTP uses simple ASCII-based commands.
You can refer to standard diagrams online (e.g., RFC 5321 command flow), which show:
Client → Server commands
Server → Client status codes
Common SMTP Commands
| Command | Purpose |
|---|---|
| HELO / EHLO | Identify client (EHLO supports extensions). |
| MAIL FROM: | Sender envelope address. |
| RCPT TO: | Recipient address. |
| DATA | Begins message content. |
| QUIT | Close connection. |
| RSET | Reset session. |
| VRFY | Verify user existence (often disabled). |
Common SMTP Status Codes
| Code | Meaning |
|---|---|
| 220 | Server ready |
| 250 | OK |
| 354 | Start message input |
| 421 | Service unavailable |
| 550 | Mailbox unavailable |
| 551 | User not local |
| 552–554 | Message rejected |
Reference:
Online SMTP diagrams typically show a vertical message exchange: client commands on left, server replies on right, with arrows showing flow.
5. SMTP Workflow (4 minutes)
Step-by-Step Exchange
- Client connects to port 25
  → Server replies 220
- HELO/EHLO
  → Server lists capabilities
- MAIL FROM:
  → Server responds 250 OK
- RCPT TO:
  → Server responds 250 OK
- DATA
  → Server responds 354 End with <CRLF>.<CRLF>
- Message body sent
  → End message with a single dot.
- QUIT
This is the “Envelope + Content” model.
6. Hands-On SMTP via Telnet (8 minutes)
Connect to the local SMTP server
telnet localhost 25
Sample Full Exchange
Connected to localhost.
220 mail.yourdomain.test ESMTP Postfix
EHLO client.test
250-mail.yourdomain.test
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
MAIL FROM:<alice@client.test>
250 2.1.0 Ok
RCPT TO:<bob@server.test>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Test Email
From: alice@client.test
To: bob@server.test

Hello Bob,
This is a test sent via raw SMTP.
.
250 2.0.0 Ok: queued as XYZ123
QUIT
221 2.0.0 Bye
What Students Should Notice
- Interaction is plain-text, line-based.
- Email has:
  - Headers (Subject, From, To)
  - Blank line
  - Body
- Ending with a line containing only . terminates DATA mode.
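Because a lone dot ends DATA mode, a message line that itself begins with a dot has to be escaped on the wire (RFC 5321 calls this transparency, commonly "dot-stuffing"). The Python below is an added example, not part of the original lesson or of Postfix; the names dot_stuff, read_data and demo are hypothetical and the sample body is constructed.

```python
CRLF = b"\r\n"

def dot_stuff(body: bytes) -> bytes:
    """Sender side: CRLF line endings, leading dots doubled, terminator appended."""
    lines = body.replace(CRLF, b"\n").split(b"\n")
    stuffed = [b"." + ln if ln.startswith(b".") else ln for ln in lines]
    data = CRLF.join(stuffed)
    if not data.endswith(CRLF):          # the terminator must start on a new line
        data += CRLF
    return data + b"." + CRLF

def read_data(stream: bytes):
    """Receiver side: return (message, bytes left over after the terminator).

    Lines are split on CRLF only, so a dot line delimited by bare LF is
    never taken as end of data.
    """
    lines = stream.split(CRLF)
    message = []
    for i, line in enumerate(lines):
        if line == b".":                 # lone dot: end of DATA
            rest = CRLF.join(lines[i + 1:])
            return b"".join(l + CRLF for l in message), rest
        # undo the sender's stuffing: drop one leading dot
        message.append(line[1:] if line.startswith(b".") else line)
    raise ValueError("no <CRLF>.<CRLF> terminator found")

# Constructed sample body: one line is a single dot, one starts with a dot.
BODY = b"Hello Bob,\n.\n.sig\nBye\n"

def demo():
    good_msg, good_rest = read_data(dot_stuff(BODY) + b"QUIT\r\n")
    # Same body sent without stuffing: the receiver stops at the first lone
    # dot and would try to interpret the remainder as SMTP commands.
    naive = BODY.replace(b"\n", CRLF) + b"." + CRLF
    cut_msg, cut_rest = read_data(naive)
    return good_msg, good_rest, cut_msg, cut_rest

if __name__ == "__main__":
    for part in demo():
        print(part)
```

When typing a message by hand over Telnet, nothing does this stuffing for you, so a body line consisting of a single dot ends the message early.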
7. Listing Mails in the Queue (Postfix) (2 minutes)
Show queue
mailq
Remove queue
sudo postsuper -d ALL
8. SMTP Message Format (3 minutes)
Students can search for diagrams of:
- SMTP envelope vs. email headers
- RFC 5322 message structure
Typical Email Format
MAIL FROM: <sender@example.com> ← Envelope
RCPT TO: <receiver@example.com> ← Envelope
--- Data Section ---
Subject: Meeting Tomorrow
From: Sender <sender@example.com>
To: Receiver <receiver@example.com>
Date: Tue, 02 Dec 2025 13:15:00 -0500

Hello,
This is the body of the message.
Key concepts:
- Envelope addresses ≠ Header addresses
- Headers follow strict ASCII formatting
- Blank line separates headers from body
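To make "envelope addresses ≠ header addresses" concrete, this added Python example (not from the original lesson) splits a plaintext SMTP stream, as Wireshark's Follow TCP Stream would show it, into envelope and RFC 5322 message and reports where the two disagree. The session text, the addresses bounce@bulk.test and carol@server.test, and the function names split_session and compare are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
# Constructed sample: both directions of a port-25 session in one text stream.
SESSION = """\
MAIL FROM:<bounce@bulk.test>
250 2.1.0 Ok
RCPT TO:<bob@server.test>
250 2.1.5 Ok
RCPT TO:<carol@server.test>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Meeting Tomorrow
From: Alice <alice@client.test>
To: Bob <bob@server.test>

Hello,
.
250 2.0.0 Ok: queued as XYZ123
"""

def split_session(text):
    """Return (envelope sender, envelope recipients, RFC 5322 message text)."""
    env_from, rcpts, data, in_data = None, [], [], False
    for line in text.splitlines():
        if in_data:
            if line == ".":                  # lone dot ends DATA mode
                in_data = False
            else:                            # drop one leading dot (dot-stuffing)
                data.append(line[1:] if line.startswith(".") else line)
        elif m := re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I):
            env_from = m.group(1)
        elif m := re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I):
            rcpts.append(m.group(1))
        elif line.startswith("354"):         # server accepted DATA
            in_data = True
    return env_from, rcpts, "\n".join(data)

def compare(text):
    """Report where the envelope and the visible headers disagree."""
    env_from, rcpts, raw = split_session(text)
    msg = message_from_string(raw)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    shown = msg.get_all("To", []) + msg.get_all("Cc", [])
    hdr_rcpts = {addr.lower() for _, addr in getaddresses(shown)}
    return {"envelope_from": env_from, "header_from": hdr_from,
            "from_mismatch": (env_from or "").lower() != hdr_from,
            "rcpt_not_in_headers": [r for r in rcpts if r.lower() not in hdr_rcpts]}
```

A mismatch is normal for mailing lists and Bcc recipients, so treat it as a signal to investigate, not as proof of spoofing.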
9. Analyzing SMTP Traffic in Wireshark (5 minutes)
Tell students to search:
“Wireshark SMTP packet details” images
These images typically show:
What Wireshark Displays
- TCP handshake (SYN, SYN-ACK, ACK)
- SMTP commands as text under Application Layer
- Status codes (220, 250, 354)
- DATA block containing header fields and message body
Filters
tcp.port == 25
smtp
Things to point out
- Application Layer tree expands to show each command.
- DATA section shows full email contents.
- No encryption on port 25 → Wireshark can see everything.
Students will notice:
- How HELO/EHLO appears as plain text.
- How the message body is captured.
- How multiple packets represent a single message transfer.
10. Wrap-Up (2 minutes)
Key Takeaways
- SMTP is the primary protocol for sending emails.
- Simple plaintext command/response system.
- Postfix provides a working SMTP server for labs.
- Telnet allows manual testing.
- Wireshark reveals how SMTP messages appear on the wire.
Optional Homework / Lab
- Capture an SMTP session with Wireshark.
- Send mail using sendmail or mail command.
- Configure SMTP over TLS (STARTTLS).
Below is (1) a clean, professional ASCII diagram of the full SMTP flow, and (2) a fully structured SMTP Lab Assignment with step-by-step tasks for students.
Everything is original and copyright-free.
📘 1. Full SMTP Flow Diagram (ASCII)
This diagram shows the complete sequence between Mail User Agent (MUA), Mail Submission Agent (MSA), Mail Transfer Agent (MTA), and Mail Delivery Agent (MDA).
+--------------------+
|    User Client     |
| (MUA: Thunderbird, |
|  Outlook, etc.)    |
+---------+----------+
          |
          | SMTP Submission (Port 587)
          v
+--------------------+
|   MSA (Postfix)    |
|  Mail Submission   |
+---------+----------+
          |
          | SMTP Relay (Port 25)
          v
+--------------------------------------------------------------+
|                   Internet (Multiple MTAs)                   |
|                                                              |
|  +------------------+      +------------------+              |
|  |      MTA #1      | ---> |      MTA #2      | ---> ...     |
|  |  Mail Transfer   |      |  Mail Transfer   |              |
|  +------------------+      +------------------+              |
+--------------------------------------------------------------+
          |
          | SMTP Delivery (Port 25)
          v
+--------------------+
|  MDA (Local Mail   |
|  Delivery Agent)   |
|   e.g., Dovecot    |
+---------+----------+
          |
          | Stores message
          v
+--------------------+
|    User Mailbox    |
+---------+----------+
          |
          | IMAP/POP Retrieval
          v
+--------------------+
|   Recipient MUA    |
+--------------------+
SMTP Command/Response Flow Between Client & Server
Server → 220 Server Ready
Client → EHLO client.example
Server → 250-Server features
Client → MAIL FROM:<alice@example.com>
Server → 250 OK
Client → RCPT TO:<bob@example.com>
Server → 250 OK
Client → DATA
Server → 354 End with <CRLF>.<CRLF>
Client → (headers + message body)
Client → .
Server → 250 Message Queued
Client → QUIT
Server → 221 Goodbye
📘 2. Full SMTP Lab Assignment (Step-By-Step)
Lab Duration: 45–60 minutes
Environment: Ubuntu Server + GNS3 VM or physical system
Learning Outcomes:
- Install and configure SMTP (Postfix)
- Perform SMTP transactions using Telnet
- Analyze SMTP packets using Wireshark
- Understand envelope vs. header processing
- Observe mail queue behavior
🔧 Part 1 — Setup (10 minutes)
1. Update System
sudo apt update
2. Install Postfix
sudo apt install postfix
During setup:
- Select: Internet Site
- System mail name: labmail.test
3. Confirm Postfix is Running
sudo systemctl status postfix
4. Verify Port 25 Listening
sudo ss -tlnp | grep ':25 '
📡 Part 2 — Manual SMTP Interaction (15–20 minutes)
You will manually simulate an email client by using Telnet to speak SMTP commands to the server.
1. Install telnet
sudo apt install telnet
2. Connect to SMTP
telnet localhost 25
You should see:
220 labmail.test ESMTP Postfix
3. Identify Yourself
EHLO student.test
Expected:
250-labmail.test
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250 8BITMIME
4. Start Sending an Email
MAIL FROM:<alice@student.test>
250 OK
RCPT TO:<bob@student.test>
250 OK
5. Enter DATA Mode
DATA
354 End data with <CRLF>.<CRLF>
6. Type Message
Subject: Lab SMTP Test
From: Alice <alice@student.test>
To: Bob <bob@student.test>

Hello Bob,
This is a test email sent manually using SMTP.
.
Server should reply:
250 OK: queued as ABC123
7. Quit
QUIT
221 Bye
📬 Part 3 — Inspect the Queue (5 minutes)
1. View Mail Queue
mailq
2. View logs
sudo tail -f /var/log/mail.log
3. Clear Queue (optional)
sudo postsuper -d ALL
🔍 Part 4 — SMTP Packet Analysis with Wireshark (10–15 minutes)
1. Start Wireshark
Use interface: lo (loopback) or eth0 depending on lab setup.
2. Apply Filters
SMTP filter:
smtp
Or:
tcp.port == 25
3. Repeat the Telnet SMTP Steps
Wireshark will show:
- TCP handshake
- Plain-text SMTP commands EHLO, MAIL, RCPT, DATA
- The entire message body, including headers and content (good demonstration of SMTP being unencrypted).
4. Students Should Identify:
- SMTP status codes
- Envelope commands
- Message headers (Subject, From, To)
- Body block ending with .
- Server replies (250, 354, 221)
📝 Part 5 — Written Questions (Instructor-Evaluated)
Students answer the following:
1. What is the purpose of EHLO vs HELO?
(Expect: EHLO identifies client and requests extended SMTP features.)
2. Why is DATA separated from the envelope?
(Expect: Envelope controls routing; DATA contains RFC 5322 email.)
3. Why does SMTP require <CRLF>.<CRLF> to end data?
4. Why can Wireshark read everything over port 25?
(Expect: SMTP is plaintext without TLS.)
5. Describe one security issue with allowing open relay.
📦 Part 6 — Optional Extensions
1. Enable STARTTLS
Show how encrypted SMTP prevents Wireshark from reading content.
2. Add DNS MX Record Lab
Use dig MX to observe mail routing.
