D. J. Bernstein

OFMIP: Old-Fashioned Mail Injection Protocol

What is OFMIP?

OFMIP, the Old-Fashioned Mail Injection Protocol, is the de facto standard mail-injection protocol. There is no de jure standard describing OFMIP.

OFMIP looks very much like SMTP. Beware that OFMIP clients are often incorrectly labelled as SMTP clients.

What's the difference between OFMIP and SMTP?

An OFMIP server transforms each envelope address and each message text received from the client, according to rules defined by the server. For example, a typical OFMIP server will insert a Message-ID field into any message that does not have one.

What changes are made by typical OFMIP servers?

Here are some common OFMIP transformations: Many servers support more sophisticated transformations.

How is OFMIP used?

Many sites use OFMIP servers, instead of SMTP servers, to receive incoming mail on port 25. This is dangerous. A typical OFMIP server's transformations are appropriate for outgoing mail but not for incoming mail.

Other sites provide SMTP servers to receive incoming mail, and provide separate OFMIP servers for the benefit of authorized clients. Some sites run OFMIP on TCP port 26. It is safe to use port 25 on a host that does not receive incoming mail.

An OFMIP client lets the user supply the name or IP address of an OFMIP server. Some clients, unfortunately, always connect to port 25. Many clients support the syntax mail.af.mil:26 for port 26 on mail.af.mil.

What about port 587?

TCP port 587 has been set aside for the SUBMIT protocol, which is very similar to OFMIP. Unfortunately, the SUBMIT specification has several fundamental flaws that make compliance practically impossible. I advise against all use of port 587.