% run through through LaTeX \documentstyle[12pt]{article} \setcounter{page}{0} \pagestyle{empty} \hyphenation{Phone-Net} \def\tagfigure#1#2#3{% \begin{figure}[t] \hrule \vskip.5\baselineskip \begin{small}\rm \input#1\relax \centerline{\box\graph} \end{small} \vskip.5\baselineskip plus.5\baselineskip \caption{#2} \label{#3} \vskip2pt \hrule \end{figure} } \begin{document} \title{MZnet: Mail Service for Personal Micro-Computer Systems} \author{Einar Stefferud\\ \it President,\\ \it Network Management Associates\\ and\\ \it Visiting Lecturer,\\ \it in Information and Computer Science\\ \it University of California at Irvine\\ \quad\\ Jerry Sweet\\ \it Department of Information and Computer Science\\ \it University of California at Irvine\\ \quad\\ Terrance Domae\\ \it School of Engineering\\ \it University of California at Los Angeles} \date{} \maketitle \newpage \begin{abstract} Traditional computer mail systems involve a co-resident User Agent (UA) and Mail Transfer System (MTS) on a time-shared host computer which may be connected to other hosts in a network, with new mail posted or delivered directly through co-resident mail-slot programs. To introduce personal micro-computers (PCs) into this environment requires modification of the traditional mail system architecture. To this end, the MZnet project uses a {\it split-slot} model, placing UA programs on the PCs while leaving MTA programs on a mail relay host which can provide authentication and buffering. The split-slot arrangement might be viewed as a new protocol level which operates somewhere between the currently defined MTS-MTS and UA-UA levels. \end{abstract} \newpage\pagestyle{plain}\pagenumbering{arabic} \section* {Introduction} Mail systems were born and have grown up on large central time sharing systems, often imbedded in large networks of inter-operating computers with a set of distributed processes automatically transferring mail between users. This is certainly the case with the U.S. Department of Defense (DoD) Advanced Research Projects Agency Network (ARPANET) \cite{ARPANET-Literature} where much of the original computer network mail systems research and development has taken place. Other mail networks such as the Computer Science Network \cite{CACM-83} sponsored by the U.S. National Science Foundation, have also used relatively large shared computers lodged in an institutional setting, though they are often connected together with ordinary dial-up telephone links to form a large geographic network. Another U.S. example is USENET \cite{USENET-Literature} which connects thousands of Unix\footnote{UNIX is a Trademark of Bell Laboratories, Inc.} systems together with informally-supported dial telephone links. Although there have been several attempts, there appear to be no successful mail networks based on small personal computers, such as those that use the CP/M\footnote{CP/M is a Trademark of Digital Research, Inc.} or MS-DOS\footnote{MS-DOS is a Trademark of Microsoft Corporation.} operating systems. \tagfigure{figure1}{The MHS Model}{mhsmodel} The accepted architectural model (see Figure~\ref{mhsmodel}) for computer network mail (first articulated by the IFIP 6.5 Systems Environment Working Group) involves a User Agent (UA) which posts new mail items through a mail slot \cite{Vittal81,Deutsch81,Pickens81,Kerr81} to a Mail Transfer Agent (MTA) which delivers posted items to designated UA recipients through corresponding delivery slots. When mail is to be delivered to a UA on another host, it is transferred first to another MTA on the recipient user's host, which in turn puts the mail item through its local delivery slot. In this model, a Mail Transfer System (MTS) may be viewed as a collection of MTAs with network connections among them to provide Mail Transfer Services for a large number of users on different host computers. Replicating this UA/MTA/MTS model on a personal micro-computer (PC) is not an easy task. Aspects of PCs that make support of this model difficult include limited storage capacities, limited processing capabilities, and the fact that PCs are geared to support a single user rather than several users at once. A PC with limited secondary diskette storage and limited processing capacity (often single-thread) is not well suited to support the full range of automatic interactions between a UA and an MTA, or the necessary interactions between MTAs in an MTS. For example, we do not see any way to certify PC systems for authentication of posted mail. A PC can change its entire character and behavior with insertion of a new program diskette, suggesting that it is the operating system diskettes and their users that must be certified, rather than the computers. Review of certification issues shows that it is not the computer, but its operators and managers that must be certified, and this involves the notions of central management and control. All this is lost in the maze of PCs that we see proliferating on and off our campuses, in and out of our offices and homes. Thus, we see a need for a new arrangement with the UA separated from its MTA, and using communication protocols to interact with it in ways that resemble MTA-to-MTA interactions. The UA is placed on the PC end, while the more complex tasks performed by the MTA are relegated to the remote host end. The remote MTA must authenticate mail items offered by the PC-based UA, just as it would for a co-located UA, but the task is more difficult because the PC UA is potentially anyone among the public telephone connectable population. This can be handled with password systems, but recognition and identification are not the only services to be provided at the posting slot. Posting also requires some validation of recipient addresses, and validation of the syntax and semantics of certain header fields. Example standards are provided by the U.S. National Bureau of Standards (NBS) and the U.S. DoD ARPANET for the format of mail to be transferred \cite{RFC-822,NBS,CCITT}. The new arrangement described in this paper might be called a {\it split mail slot} in that the UA side of the slot is split away from the MTA side. Although the UA and MTA may be on opposite ends of a telephone connection, they must still act together as a single processing unit to move mail from one to the other, with all that this may entail. This gives rise to a number of new MTA/UA requirements such as error control for service requests, user intervention to select items for delivery, and user postponement or rejection of delivery without triggering failure notices to senders. These are not serious problems when both MTA and UA are programs running on a single host. For example, with both UA and MTA on the same host, unwanted junk mail is simply deleted at low cost, compared to the cost of deletion after a long delivery transmission time. Better that our PC users be able to discard items without delivery transmission. \subsection* {Overview of the MZnet Environment} The MZnet project is an undergraduate student effort sponsored within the Information and Computer Science (ICS) Department of the University of California at Irvine (UCI) in Southern California. For the past 2 years, the UCI mail network, known as ZOTnet, has been connected into the Computer Science Network (CSnet) and in 1984, has joined the DoD ARPA Internet with a {\it Split-Gateway} connection \cite{Rose84} to the University of Southern California Information Sciences Institute (USC-ISI). The MZnet split-slot arrangement may have some similarities to the Split-Slot Internet Gateway at least in name, but the problems and the implementations are quite different. The UCI ZOTnet environment \cite{Rose83-1} gives the MZnet project a full-fledged Internet-class mail system as its foundation. The MZnet project objective is to extend this class of mail service to personal computers located in student and faculty residences, offices and laboratories, without waiting for full-blown local area networking to first provide connections. This follows a pattern of making the most of existing facilities to provide a reasonable level of service. The UCI ZOTnet uses the CSnet-provided MMDF (Multi-channel Memo Distribution Facility) software \cite{MMDF} from the University of Delaware to interconnect two VAX 750 Unix systems with two DEC TOPS-20 systems through a port selector, with dial telephone connection to a CSnet relay \cite{CSNET-UCI}. The ZOTnet has since evolved into an ethernet-connected local area network with the aforementioned gateway connection into the DoD Internet. The ZOTnet also connects to USENET with the UUCP protocols, and provides format transformations for mail flowing between protocol domains \cite{Rose83-2,RFC-MMM}. Adding to the reach of the ZOTnet with MZnet is a natural part of its evolution\footnote{For those who are properly curious about such things, the name ``ZOTnet'' derives from the cry of the UCI mascot which is the Anteater from the B.C. comic strip, and MZnet is simply a contraction for Micro-ZOTnet.}. To this point we have set the context of the MZnet project. The remainder of this paper is devoted to relatively technical discussions of implementation of the PC user agent programs and the split-slot UA/MTA interface. \section* {The MZnet User Agent: CP/MH} CP/MH is a collection of programs designed to work in conjunction with the Micro ZOTnet (MZnet) as an extension of the UCI ZOTnet. CP/MH programs permit a user of a CP/M 2.2-based microcomputer to send and receive ZOTnet mail messages, as well as to manipulate them locally on floppy disks. The CP/MH programs are written in the C programming language and should be portable to similar operating environments, such as MS-DOS, etc. CP/MH is based on the UCI version of the Rand MH message handling system \cite{MH} for the Unix operating system. The major philosophical differences between CP/MH and typical user agents such as MSG \cite{Vittal81} and its descendants are those of modularity and of user interface. In CP/MH (as in MH) the user does not invoke a single monolithic program to deal with mail, but rather invokes individual, non-interactive programs with common knowledge of the way messages are stored. Each program has default behavior which can be modified by using Unix-style command line options at time of invocation or through a user profile. Help messages can also be evoked from CP/MH programs. \subsection* {Messages and Folders} The format of a CP/MH message adheres more or less to the syntax described in RFC 822 in which a message consists of headers containing information pertaining to the message source and destination, and the message body, separated from the headers by a blank line. An example of such a message might be: \begin{verbatim} Date: 02 Nov 83 23:04:53 PST (Wed) To: Toto From: The Great And Powerful Oz Subject: What Be Your Excuse? What's the matter? I ask you for a simple thing like "distribute this to Witch@Oz-West," and you can't do it. You undergrads will do anything to get out of work! --ozzie \end{verbatim} Following the MH convention, each message is kept in a separate file. Since a message is simply ASCII text, it can be operated upon by non-CP/MH programs (such as text editors, in particular). Collections of messages are called {\it folders}. Under CP/MH, folders are represented by several files: an {\it info} file, containing maintenance information about the folder, and a set of message files with the same name as the info file, but with unique numeric suffixes ({\it extensions} in CP/M parlance). An example of this naming scheme might be: {\tt \begin{description} \item[{\tt DRAFT}] {\rm the info file for the {\tt DRAFT} folder} \item[{\tt DRAFT.001}] {\rm message 1 in the folder} \item[{\tt DRAFT.002}] {\rm message 2 in the folder} \item[{\tt DRAFT.003}] {\rm message 3 in the folder} \end{description} } The number of messages that may be stored in a folder is limited primarily by the storage capacity of a floppy disk, but also by the three-digit limit of a CP/M extension. The info file contains a field named {\tt CURRENT:} specifying the current message number. The current message number signifies the default message operated upon by CP/MH commands using a particular folder. The current message number may be modified by some commands. An example of the contents of the info file {\tt DRAFT} might be \begin{flushleft} \hspace{.5in} {\tt CURRENT: 3} \end{flushleft} This indicates that the file {\tt DRAFT.003} would be operated upon when default conditions apply (i.e. when no message number is explicitly given to a CP/MH command). Possible future uses for the info file include named message sequences (a set of messages to which commands may be applied as a whole) and user profile information for application to particular folders (there is presently a single user profile, described shortly). A floppy diskette may contain more than one folder, but folders do not extend over more than one floppy diskette; therefore two different diskettes may contain folders with the same name. \subsection* {CP/MH Commands} Commands operating on messages can be divided into several general categories: \medskip \begin{description} \item[Transporting:] sending, receiving \item[Viewing:] selecting for display, showing header summaries \item[Creating:] composing, replying, forwarding \item[Archiving:] categorizing, refiling, deleting, sorting \end{description} \medskip The architecture of CP/MH permits the simulation of some of these categories using standard CP/M commands when CP/MH, in its present primitive state, does not cover them. A minimal functionality is presently provided by the following four commands: \medskip \begin{description} \item[COMP] composes mail items: creates a file containing header information taken from a standard or user-specified template. This newly-created file may be edited to fill in the header fields and body. \item[REPL] replies to mail items: creates a file containing header information appropriate for answering a given mail item. This newly-created file may be edited to change header fields and fill in the body. \item[SEND] sends mail items: posts selected items through the split-slot from a draft folder. \item[INC] receives mail items: takes delivery of selected items across the split-slot, incorporating them into a mailbox folder. \end{description} \medskip These commands, with a few enhancements and modifications appropriate to the CP/M environment, are functionally almost identical to their Unix MH counterparts. CP/MH commands are invoked like any other CP/M commands such as ED, PIP, or DIR. Command line options are generally preceded by a dash (e.g. {\tt -editor A:ED}), and may be abbreviated. Folder names are preceded by a plus (e.g. {\tt +B:DRAFT}). Messages are identified by numbers or by the special names {\tt first}, {\tt last}, {\tt current}, {\tt next}, and {\tt previous}. An example of use of a CP/MH command is: \begin{flushleft} \hspace{1in} {\tt comp -edit a:ed -use last +b:draft -log} \end{flushleft} This particular example will edit the last-composed message (the {\tt -use last} option) in the folder {\tt DRAFT} on disk drive {\tt B:} (the {\tt +b:draft} option), using the standard CP/M editor ED on disk drive {\tt A:} (the {\tt -edit a:ed} option), and prompting the user when it is appropriate to change disks (the {\tt -log} option). All CP/MH commands have a {\tt -help} option which displays all available options for the particular command invoked. Another common option is {\tt -log} which permits the user to change ({\it relog}) diskettes after invoking a command, for purposes of selecting diskettes with message folders or with editor programs. This is particularly useful on single-drive systems or on systems with diskettes of low storage capacity. \subsection* {The Profile} If there are options commonly used with a particular CP/MH command, they may be entered in the user profile contained in the file called (naturally enough) {\tt PROFILE}, which must exist on the same diskette on which CP/MH commands reside and from which the commands are invoked. A profile entry consists of a program name followed by a colon and the options to be used with that program, for example: {\tt \begin{flushleft} \hspace{1in} comp: -editor A:VEDIT +B:outbox -log \\ \hspace{1in} repl: -editor A:VEDIT -log \\ \hspace{1in} send: +B:outbox \\ \hspace{1in} inc: +B:inbox -log \end{flushleft} } Individual profile components are overridden by options given at the time of invocation (e.g. {\tt -noedit} given on the command line will override the {\tt -editor} profile component for a particular command). \section* {The MZnet Split-Slot Mail Transfer System} The MZnet split-slot software implements a peer-to-peer communication protocol between a time-sharing host's MTA and a personal micro-computer (PC) UA. This MZnet protocol extends the UA/MTA/UA model of computer-based message systems (CBMS) to provide a split gateway function between individual PCs and the ZOTnet similar to the UCI ICS split Internet gateway described previously (see Figure~\ref{splitslot}). \tagfigure{figure2}{The Split-Slot Model}{splitslot} \subsection* {The Structure of the Split-Slot} The MZnet Split Gateway consists of three distributed processing components: \medskip \begin{itemize} \item A PC running a UA (in MZnet, CP/MH) acting as the mail server. \item A mini/mainframe host running a full MTA (MMDF in MZnet) providing mail relay services. \item A communication protocol (a modified version of MMDF PhoneNet) to connect the two ends of the split-slot. \end{itemize} \medskip Although this combination may not be unique, the method by which the MZnet split-slot bonds these parts together uniquely deals with the problems of remote user agents. In addition to overcoming limited storage and processing capacities, remote user agents must deal with noisy modem lines, mail software certification, and mail system security problems. The MZnet architecture appears to solve these problems with a clean mail interface for PCs. \subsection* {The MZnet Mail Server} The split-slot mail server consists of a set of {\it command packet} programs run from the PC. These programs simply present commands through the PhoneNet communication protocol to the mail relay slave program on the host. Some basic commands are: \medskip \begin{description} \item[PostMail] posts mail drafts to MTA \item[GetMail] accepts mail from MTA \item[RemoteScan] displays information about waiting mail \item[Quit] drops connection between PC and Host \end{description} \medskip Each command has the form: \begin{flushleft} \hspace{.5in} Command Request \\ \hspace{.5in} Data Transmission \\ \hspace{.5in} Command Termination \end{flushleft} For example, the PostMail command is a small program that: \medskip \begin{itemize} \item initiates a command with the Mail Slave by sending the command name (PostMail) encoded within a PhoneNet packet; \item sends a series of PhoneNet packets that contain pieces of the mail item to be posted; \item finally sends a command termination signal to end the transaction without terminating the connection between host and PC. \end{itemize} \subsection* {The MZnet Channel To MMDF} The MZnet Channel runs on the MTA host under the University of Delaware's MMDF (Version 1) and is responsible for both delivery of received mail to MZnet users, and posting of MZnet user-originated mail. The MMDF MZnet channel maintains a unique message queue for each registered MZnet user. As new mail items arrive, they are posted to the appropriate queues, where MZnet holds the mail items for pickup by their registered recipients. To send or receive mail, the MZnet user must attach to the host, log into the public MZnet account, and identify (authenticate) himself. During the MZnet session with the host, the user has access only to that restricted set of functions provided by the MZnet split gateway protocol: he may request delivery of queued mail with GetMail, or post new mail with PostMail. Prior to taking delivery of queued mail, a survey of waiting mail also may be requested with RemoteScan to obtain message size information (among other data) to allow intelligent disposition of mail in the queue. Hidden within these activities are issues of security and certification. To certify and establish the identity of the user, a second password is requested after logging into the public MZnet account. This certification procedure allows MZnet to certify the source of originated mail. A relatively secure environment is provided by MZnet, as it is the only interface to the host permitted to MZnet users (once beyond the public login procedure), and it offers only the severely restricted set of PhoneNet-encoded commands. Aside from security issues, using a single account to handle all MZnet users reduces demands on system resources. \subsection* {The MZnet-PhoneNet Protocol} A unique facet of the MZnet system derives from the PhoneNet File Transfer Protocol (FTP). PhoneNet FTP is a simple error-checked packet protocol which transfers ASCII plaintext. PhoneNet encodes any non-plaintext character (or any other character ``forbidden'' by the idiosyncrasies of the communicating systems) by mapping it onto an ``accepted'' character set. The accepted character set mapping is determined by a ``negotiating'' session between the two systems at the start of the PhoneNet session. MZnet transfers all information (both commands and data) in PhoneNet packets to obtain error control. The MZnet-PhoneNet command FTP tolerates noise with a high degree of success, and in effect, connects both ends of the Split Slot together with a reliable set of virtual wires. \subsection* {MZnet Session Example} Here, a typical MZnet session is presented, with the UA commands issued from the PC side of the connection printed in a {\tt typewriter} typeface, and the responses from the host side printed in an {\it italic} typeface. PhoneNet interactions are indented. The initial connection to the host is accomplished with the {\tt term} program, which provides a simple terminal emulation function. The prompt of the PC for a UA command is ``A$\rangle$''. Note that passwords are never echoed by the host system. \begin{tabbing} xxxxxxxx \= xxxxxxx \= \kill \> A$\rangle$ {\tt term} \\ \> {\it login:} {\tt mznet} \\ \> {\it password:} \\ \> {\it MZ-Password:} \\ \> \> PhoneNet packet negotiation \\ \> {\it Connected.} \\ \> \> exit terminal mode \\ \> A$\rangle$ {\tt send cur} \\ \> \> PostMail command \\ \> \> message text packet transmission \\ \> \> command terminator \\ \> A$\rangle$ {\tt quit} \\ \> \> Quit command \\ \> {\it Disconnecting.} \end{tabbing} \section* {Conclusions} The main conclusions of this paper are that small personal computer systems with dial-up phone connections constrain User Agent systems design in ways that require use of a {\it split-slot} interface between the UA and its supporting Mail Transfer Agent (MTA), and that this interface will best provide the required services if it has error controlled command and data transfer facilities, with interactive behavior. It is also believed that a good design for the small PC UA is based on a very modular architecture, such as the Rand MH system, which has been used as a pattern for the MZnet UA. By bringing these concepts together, we expect MZnet to provide reliable UA/MTA service to a distributed set of small personal computers, to match the quality of service that is normally only available from larger mainframe host systems with co-resident UA/MTA pairs. \bibliography{mznet} \end{document}