Isode M-Switch MIXER
M-Switch MIXER is a high performance message switch, providing conversion between X.400 and Internet email according to the MIXER specifications.
M-Switch MIXER is one of the M-Switch family of products. Its X.400 capabilities are based on M-Switch X.400 and its Internet Email capabilities are based on M-Switch SMTP and these should be reviewed for X.400 and SMTP capabilities of M-Switch MIXER. The core product architecture is set out in these two product overviews. This document describes the MIXER capabilities of M-Switch MIXER.
M-Switch MIXER is suitable for any situation where conversion between X.400 and Internet mail is needed.
M-Switch MIXER is a high functionality product with many benefits.
- The MIXER capabilities are central to the product. M-Switch MIXER is based on the core M-Switch multi-protocol message switch system. The architecture of this product is described in M-Switch X.400 and M-Switch SMTP.
- Includes the full X.400 capabilities of M-Switch X.400.
- Includes the full Internet Email capabilities of M-Switch SMTP.
- Standards Conformance. M-Switch MIXER is a full and conformant implementation.
- Full support for the configurable address mappings defined in MIXER.
- M-Switch MIXER supports Off Site Hot Standby (Disaster Recovery).
- LDAP/X.500 directory based configuration. This gives high flexibility, and is recommended for most deployments.
- Table based configuration option, which may be useful for some deployments.
- GUI management of configuration and mappings
- Management Features. The product has a wide range of management features, including configuration, SNMP monitoring, distribution lists, content conversion and address mapping control.
What is MIXER?
MIXER (MIME X.400 Enhanced Relay) is the Internet Standard approach for conversion between X.400 and Internet Mail. This is the industry standard for this function. Isode has been closely connected with MIXER, as Steve Kille, (Isode CEO) led the development and architecture of MIXER since the mid 1980s.
MIXER Core Function
Channels to convert between RFC 822 and X.400 P2 according to the rules of RFC 2156 are provided. Conversion of body parts is performed according to RFC 2157 and RFC 1496. Channels are provided for the conversion of the message body-part types of X.400 and those of MIME (RFC 2045).
M-Switch MIXER supports address translation using both encapsulated addressing flexible address mapping using the standard MIXER address mapping mechanisms. MIXER is a standardized mapping between X.400 and Internet mail specified in RFC 2156. Addresses are mapped algorithmically, with MIXER mappings relating part or all of the domain of an Internet email address to O, OUs, ADMD, PRMD and Country of X.400 OR Addresses. This provides a convenient way to algorithmically map addresses, usually resulting in addresses that are reasonable for human users.
This mapping can be configured in the directory according to RFC 1838. M-Switch MIXER supports this, and provides GUI configuration of the MIXER mappings. A typical MIXER gateway will define a small number of these mappings.
M-Switch MIXER provides flexible configuration to map Importance: and various priority fields.
M-Switch MIXER maps between MIME messages and X.400 or STANAG 4406 messages. Acknowledgements are also mapped in both directions:
- SMTP DSNs (Delivery Status Notifications) are mapped with X.400 Delivery Reports.
- SMTP MDNs (Message Disposition Notifications) are mapped with X.400 IPNs (InterPersonal Notifications).
Per User Address Mappings
M-Switch MIXER extends this core mapping to provide mappings for individual user addresses configured in the directory. A directory entry will hold both Internet and X.400 addresses for a user, and will map between these. This has the benefit of providing a completely flexible mapping for a community of users, and can also utilize information that is already configured in the directory where users have access to both Internet mail and to X.400.
There is flexible configuration for mapping in both directions. It is possible to use multiple directories; each handling different parts of the mail address space. The attributes used for the mappings are also configurable. This is important where a MIXER gateway supports multiple organizations, and there are existing directories for each organization holding the relevant information.
File Transfer Body Part (FTBP)
File Transfer Body Part (FTBP) is an X.400 extension designed to handle transfer of generic information over X.400. The EMA Message Attachment Working Group (MAWG) has defined a specific mode of using FTBP and most X.400 client vendors have adopted this mechanism. The M-Switch supports this format, and enables conversion between this and the corresponding MIME functionality. This enables straightforward exchange of attachments, such as Microsoft Word documents, between Internet Mail and X.400 users.
M-Switch MIXER can map X.400 messages to Internet, by wrapping the X.400 Content as a MIME Body Part according to the X400WRAP specification. This mapping is used by default for X.400 messages which are not InterPersonal Messages, including Military P772 Messages.
MIXER as specified in RFC 2156 does not include any security mappings, as in general mapping of protocol dependent security features does not make sense. M-Switch supports the S/MIME encoding of Secure Internet Messages (RFC 3851).
When messages are received from Internet Email in S/MIME format, S/MIME signatures are verified. This ensures content integrity and originator authentication to the MIXER gateway. Where S/MIME messages are not encrypted, the S/MIME encoding may be stripped and then a standard MIXER mapping is applied. This will map the message to X.400 without S/MIME encoding, which most X.400 clients would not be able to handle.
When mapping from X.400 to Internet Mail, messages may be S/MIME encoded and signed by the gateway. This will provide content integrity and authentication between the MIXER gateway and the Internet Mail recipient.
M-Switch MIXER provides support for structured Security Labels and ad hoc Security Labels.
Structured Security Labels can be carried with X.400 messages, as "X.411 labels" in the message envelope. Structured Security labels can be carried with Internet messages, as "ESS labels" with an S/MIME message as defined in RFC 2634 "Enhanced Security Services for S/MIME". ESS labels and X.411 labels are similar ASN.1 encoded labels.
M-Switch MIXER maps between X.411 and ESS Security Labels. Coming from Internet Mail this is done by extracting the ESS Label and the MIME message from the S/MIME encoding, mapping the label encoding and then sending it as an X.411 label. S/MIME signature verification is also done. Coming from X.400, the reverse happens, mapping an X.411 label to an ESS label wrapped in S/MIME, with the S/MIME signed by the MIXER gateway.
M-Switch MIXER can also provide mappings to FLOT (First Line of Text) and other ad hoc security label format. There is flexible support for a variety of labels in Internet messages which is described in detail in M-Switch SMTP. FLOT labels are also supported on the X.400 side.
M-Switch MIXER can map between structured Security Labels and ad hoc Security Labels in both directions.
For more information see [Security Label Capabilities in M-Switch].
Mapping of STANAG 4406 Headers
M-Switch has support for STANAG 4406 Headings. It handles MMHS headers in SMTP according to RFC 6477 “Registration of Military Message Handling System (MMHS) header fields for use in Internet Mail”. A high level description is provided in “Military Messaging (MMHS) over SMTP”.
Two capabilities are provided:
- Mapping between the MMHS over SMTP headers and STANAG 4406 Headers
- Assigning MTS Grade of Delivery and internal M-Switch Priority according to the MMHS MMHS-Primary-Precedence: header.
M-Switch MIXER Management
Isode's MConsole GUI tool is used for configuration and management of M-Switch MIXER. The screenshot below shows a MIXER (X.400/SMTP Gateway) setup. The address conversion tree is set up for standard MIXER mappings. The configuration pane shows how a number of MIXER mapping options can be set up.
Click to show/hide detail
M-Switch MIXER Configurations
M-Switch MIXER is a flexible MIXER implementation that can be used for high volume gateway deployments. M-Switch MIXER can be evaluated here.
The Isode MIXER implementation is full featured, and works well with a wide range of clients. This contrasts with many implementations which claim to be MIXER, but in practice only implement a restricted subset.
|RFC 1496||Rules for downgrading messages from X.400/88 to X.400/84 when MIME content-types are present in the messages, H. Alvestrand, J. Romaguera, K.Jordan, August 1993|
|RFC 1838||Use of the X.500 Directory to support mapping between X.400 and RFC 822 Addresses, S. Kille, August 1995|
|RFC 2156||MIXER (Mime Internet X.400 Enhanced Relay): Mapping Between X.400 and RFC 822/MIME, S. Kille, January 1998|
|RFC 2157||Mapping between X.400 and RFC-822/MIME Message bodies, H. Alvestrand, January 1998|
|RFC 2253||Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names, M. Wahl, S. Kille, T. Howes, December 1997|
|RFC 2164||Use of an X.500/LDAP directory to support MIXER address mapping, S. Kille, January 1998|
|RFC 3854||Securing X.400 Content with Secure/Multipurpose Internet Mail Extensions (S/MIME), P Hoffman, C Bonatti, A Eggen, July 2004|
S/MIME and Security Label Conformance
|RFC 2634||Enhanced Security Services for S/MIME, P. Hoffman, June 1999|
|Cryptographic Message Syntax (CMS), R. Housley, September 2009|
|RFC 5751||Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification, B. Ramsdell, January 2010|
STANAG 4406 Mapping Conformance
|RFC 6477||Registration of Military Message Handling System (MMHS) Header Fields for Use in Internet Mail. A. Melnikov & G. Lunt, January 2012|
X.400 File Transfer Body Part Mapping conformance
Electronic Messaging Association Interoperability Committee, Message Attachment Working Group (MAWG), File Transfer Body Part Feasibility Project Guide Version 1.5.2 June 1996, Editor: Neil Koorland, Microsoft Corporation.