Attack SMTP Servers

Attack SMTP Servers

Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (email) transmission. First defined by RFC 821 in 1982, it was last updated in 2008 with Extended SMTP additions by RFC 5321, which is the protocol in widespread use today.
index 300x61 - Attack SMTP Servers

Although electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages, user-level client mail applications typically use SMTP only for sending messages to a mail server for relaying. For retrieving messages, client applications usually use either IMAP or POP3.

SMTP communication between mail servers uses port 25. Mail clients on the other hand, often submit the outgoing emails to a mail server on port 587. Despite being deprecated, mail providers sometimes still permit the use of nonstandard port 465 for this purpose.

SMTP connections secured by SSL, known as SMTPS, can be made using STARTTLS.[1]

Although proprietary systems (such as Microsoft Exchange and IBM Notes) and webmail systems (such as Outlook.com, Gmail and Yahoo! Mail) use their own non-standard protocols to access mail box accounts on their own mail servers, all use SMTP when sending or receiving email from outside their own systems.

SMTP Description Source: Wikipedia

 

Let’s Work

 

 

There are a lot of SMTP servers exposed on the Internet with default configurations, this can be a very serious problem to  lazy admins.

SMTP Attacks

1- Account enumeration

2- Relay Attack

3- E-mail header disclosures

4- Malware