SMTP - 25, 587, 465

  • Simple Mail Transfer Protocol (SMTP): sending emails in an IP network
  • used between an email client and a mail server, or between two SMTP servers
  • SMTP is combined with IMAP or POP3 for retrieving mail
  • PORT 25 | newer on PORT 587 | SSL with PORT 465
  • DISADVANTAGES:
      • no usable delivery confirmation
      • users are not authenticated when a connection is established
      • fake senders can send emails
  • security mechanisms: DKIM and SPF identification protocols
  • Extended SMTP (ESMTP) is used with TLS
  • the AUTH PLAIN extension can be used after the TLS connection is established

SMTP Interaction:

![](../../../attachments/Pasted-image-20241201183009.png)
  • We can interact with the server using telnet over a plain TCP session
  • Start the session with EHLO or HELO
  • The VRFY command can be used to enumerate existing users on the system
  • The SMTP server may answer VRFY with code 252 (cannot verify, will attempt delivery), which looks like a confirmation even for a user that does not exist on the system
  • Status codes
  • Sometimes we have to work through a web proxy. We can make the web proxy connect to the SMTP server for us; the request then looks like this: CONNECT 10.129.14.128:25 HTTP/1.0

Default Config:

  • cat /etc/postfix/main.cf | grep -v "#" | sed -r "/^\s*$/d"

Dangerous Settings:

  • To keep sent emails out of SPAM, use a RELAY SERVER that the recipient trusts
  • The sender must authenticate to the relay server before using it
  • mynetworks = 0.0.0.0/0 allows an OPEN RELAY CONFIGURATION (every client is trusted to relay)
  • an open relay makes it possible to spoof emails
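
Added check, not from the original note: a small Python audit of a Postfix main.cf for the settings discussed above. It applies the same comment/blank-line filtering as the grep/sed pipeline, then flags an open-relay mynetworks, VRFY left enabled (Postfix parameter disable_vrfy_command) and AUTH offered before STARTTLS (Postfix parameter smtpd_tls_auth_only). The sample configs are constructed.

```python
import ipaddress
import re

def parse_main_cf(text):
    """Parse main.cf into {key: value}; skips comments/blank lines, joins continuation lines."""
    settings, last_key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace() and last_key:  # Postfix continues a value on indented lines
            settings[last_key] += " " + line.strip()
            continue
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if m:
            last_key, value = m.groups()
            settings[last_key] = value.strip()
    return settings

def audit(settings):
    """Return findings for the weak settings this note warns about."""
    findings = []
    for token in re.split(r"[,\s]+", settings.get("mynetworks", "")):
        token = token.replace("[", "").replace("]", "")  # Postfix writes IPv6 as [::1]/128
        if not token or token.startswith("!"):
            continue
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # hostnames and lookup tables are not checked here
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 trusts every client: open relay
            findings.append(f"open relay: mynetworks trusts {token}")
    if settings.get("disable_vrfy_command", "no").lower() != "yes":
        findings.append("VRFY enabled: set disable_vrfy_command = yes to stop user enumeration")
    if settings.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("AUTH offered before STARTTLS: set smtpd_tls_auth_only = yes")
    return findings

# Constructed sample configs, not taken from any real host.
WEAK_CF = """# constructed main.cf
myhostname = mail.example.test
mynetworks = 127.0.0.0/8, [::1]/128,
    0.0.0.0/0
smtpd_tls_auth_only = no
"""
HARDENED_CF = """mynetworks = 127.0.0.0/8 [::1]/128
disable_vrfy_command = yes
smtpd_tls_auth_only = yes
"""
if __name__ == "__main__":
    print(audit(parse_main_cf(WEAK_CF)), audit(parse_main_cf(HARDENED_CF)))
```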

COMMANDS:

  • sudo nmap 10.129.14.128 -p25 --script smtp-open-relay -v
  • smtp-user-enum -M VRFY -U name-footprinting-wordlist.txt -t 10.129.42.195 -w 15