25,465,587 - Pentesting SMTP

Hacktricks

The Simple Mail Transfer Protocol (SMTP) is a protocol for sending emails over an IP network. It can be used between an email client and an outgoing mail server, or between two SMTP servers. SMTP is often combined with the IMAP or POP3 protocols, which can fetch and send emails.

Default Conf

cat /etc/postfix/main.cf | grep -v "#" | sed -r "/^\s*$/d"
telnet <IP> 25
mynetworks = 0.0.0.0/0 # Open Relay conf

The command VRFY can be used to enumerate existing users on the system. However, this does not always work. Depending on how the SMTP server is configured, the SMTP server may issue code 252 and confirm the existence of a user that does not exist on the system. A list of all SMTP response codes can be found here.
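The following is an added example, not part of the original notes: a small audit of a Postfix main.cf for the open-relay mynetworks value shown above and for whether VRFY is still answered. The sample file is constructed and the function names are hypothetical; disable_vrfy_command is Postfix's own parameter, which defaults to no.

```python
import ipaddress

# Constructed sample main.cf for illustration (not taken from a real host).
SAMPLE_MAIN_CF = """\
# See /usr/share/postfix/main.cf.dist for a commented version
myhostname = mail1.example.test
mynetworks = 127.0.0.0/8,
    0.0.0.0/0
smtpd_banner = ESMTP Server
"""

def parse_main_cf(text):
    """Return {parameter: value}. Follows main.cf rules: lines whose first
    non-blank character is '#' are comments, and a line that starts with
    whitespace continues the previous parameter. The last assignment wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(params):
    """Flag the two settings discussed on this page."""
    findings = []
    for token in params.get("mynetworks", "").replace(",", " ").split():
        if token.startswith("!"):
            continue  # exclusion entry, does not grant trust
        try:
            # Postfix writes IPv6 networks as [addr]/len, so drop the brackets.
            cleaned = token.replace("[", "").replace("]", "")
            net = ipaddress.ip_network(cleaned, strict=False)
        except ValueError:
            continue  # table lookups such as hash:/path are not evaluated here
        if net.prefixlen == 0:
            findings.append(f"mynetworks contains {token}: every client is trusted (open relay)")
    if params.get("disable_vrfy_command", "no").lower() != "yes":
        findings.append("disable_vrfy_command is not 'yes': the server still answers VRFY")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print("[!]", finding)
```

On a live host, feed it the output of the cat/grep/sed command above; it only reads the text and changes nothing.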

Footprinting

sudo nmap <IP> -sC -sV -p25
sudo nmap 10.129.14.128 -p25 --script smtp-open-relay -v # Openrelay
