06 Apr, 2023

Simple Mail Transfer Protocol (SMTP)

Simple Mail Transfer Protocol (SMTP) is a standard protocol used for sending email messages between servers and email clients. It is a text-based protocol that defines how email messages should be transmitted over the internet. SMTP is used to send email messages from a sender’s email client to an email server, and then to the recipient’s email server. SMTP is responsible for ensuring that email messages are delivered to the correct recipient and that they are in a proper format for display. It is one of the most commonly used protocols for email communication on the internet.

SMTP common ports

Port 25: This is the default port used by SMTP to transmit email messages between servers. It is an unencrypted port and is used for plain text messages.

Port 465: This is the SMTPS (SMTP over SSL/TLS) port. It is used for secure transmission of email messages over an encrypted connection. This port requires a valid SSL/TLS certificate.

Port 587: This is the submission port, which is used for email clients to send email messages to an email server. It is an authenticated port that requires a username and password to send messages.
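To check what the port descriptions above mean on a live listener, look at the server's EHLO reply: it shows whether a cleartext session can be upgraded with STARTTLS and whether AUTH is offered before encryption is in place. The following is an added example, not code from the original page; the EHLO replies, host names and the function names parse_ehlo and audit_ehlo are constructed for illustration.

```python
import re

# Constructed EHLO replies for illustration (not captured from a real server).
WEAK_EHLO = (
    "250-mail.example.test Hello client\r\n"
    "250-SIZE 10240000\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
HARDENED_EHLO = (
    "250-mail.example.test\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = re.fullmatch(r"250[ -](.*)", line)
        if match is None:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # first line names the server, it is not an extension
        words = match.group(1).replace("=", " ").split()  # tolerate "AUTH=LOGIN"
        if words:
            caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps

def audit_ehlo(reply, port=25, tls_active=False):
    """List findings for an EHLO reply seen on `port`, before or after TLS."""
    caps = parse_ehlo(reply)
    findings = []
    if not tls_active and "STARTTLS" not in caps:
        findings.append("no STARTTLS offered: session stays in cleartext")
    weak = sorted({"PLAIN", "LOGIN"} & set(caps.get("AUTH", [])))
    if not tls_active and weak:
        findings.append("AUTH " + "/".join(weak) + " advertised before TLS")
    if tls_active and port in (465, 587) and "AUTH" not in caps:
        findings.append("submission port offers no AUTH after TLS")
    return findings

if __name__ == "__main__":
    for name, reply in (("weak", WEAK_EHLO), ("hardened", HARDENED_EHLO)):
        print(name, audit_ehlo(reply, port=587) or "ok")
```

On port 465 the TLS handshake happens before any SMTP command, so audit that port with tls_active=True.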

Standard commands from unauthorized users

Ping: An unauthorized user may use the ping command to check if the target system is online and responding. This can help them identify potential targets for further attacks.

Nmap: Nmap is a network mapping tool that can be used to scan a network and identify open ports and services. An unauthorized user may use this tool to identify potential vulnerabilities on a system.

Netcat: Netcat is a tool that can be used to create a backdoor into a system. An unauthorized user may use this tool to gain remote access to a system and carry out further attacks.

SSH: Secure Shell (SSH) is a network protocol that allows users to securely access a remote system. An unauthorized user may use SSH to gain access to a system if they have valid credentials.

FTP: File Transfer Protocol (FTP) is a standard protocol used for transferring files between systems. An unauthorized user may use FTP to download or upload files to a system if they have valid credentials.

Tools for working with SMTP

Manual Tools:

  1. Telnet is a command-line tool that can be used to connect to an SMTP server and manually send email messages. It allows users to interact with the server directly and test SMTP functionality.

  2. PuTTY is a popular SSH and Telnet client that can be used to connect to an SMTP server and test SMTP functionality. It provides a user-friendly interface and supports various encryption protocols.

  3. OpenSSL is a command-line tool that can be used to test SMTP functionality by sending encrypted email messages. It supports various encryption protocols and can be used to test server configurations.

  4. Swaks (Swiss Army Knife for SMTP) is a command-line tool that can be used to test SMTP functionality by sending email messages with various configurations. It supports various authentication and encryption protocols and can be used to test server configurations.

  5. SMTP Diag Tool is a free tool that can be used to test SMTP functionality by sending email messages with various configurations. It supports various authentication and encryption protocols and can be used to test server configurations.

  6. Mailtrap is a cloud-based service that can be used to test SMTP functionality by simulating an SMTP server. It provides a user-friendly interface and supports various email clients and protocols.

  7. Wireshark is a network protocol analyzer that can be used to capture and analyze SMTP traffic. It provides a detailed view of network traffic and can be used to troubleshoot SMTP issues.

  8. MX Toolbox is a free online tool that can be used to test SMTP functionality by checking DNS records and email servers. It provides a detailed report on server configurations and can be used to troubleshoot SMTP issues.

  9. SMTPTester is a free online tool that can be used to test SMTP functionality by sending email messages with various configurations. It supports various authentication and encryption protocols and can be used to test server configurations.

  10. MailCatcher is a tool that can be used to test SMTP functionality by intercepting email messages sent from a local server. It provides a user-friendly interface and can be used to test email functionality during development.

Automated Tools:

  1. SMTP Scan is an automated tool that can be used to scan networks and identify vulnerable SMTP servers. It can be used to test server configurations and identify potential security risks.

  2. Nessus is a popular vulnerability scanner that can be used to test SMTP functionality by identifying potential vulnerabilities on servers. It provides a detailed report on security risks and can be used to test server configurations.

  3. OpenVAS is an open-source vulnerability scanner that can be used to test SMTP functionality by identifying potential vulnerabilities on servers. It provides a detailed report on security risks and can be used to test server configurations.

  4. Metasploit is a penetration testing tool that can be used to test SMTP functionality by identifying potential security risks on servers. It provides a detailed report on vulnerabilities and can be used to test server configurations.

  5. Nikto is a web server scanner that can be used to test SMTP functionality by identifying potential vulnerabilities on servers. It provides a detailed report on security risks and can be used to test server configurations.

  6. Burp Suite is a web application security testing tool that can be used to test SMTP functionality by identifying potential vulnerabilities on servers. It provides a detailed report on security risks and can be used to test server configurations.

  7. Acunetix is a web vulnerability scanner that can be used to test SMTP functionality by identifying potential security risks on servers. It provides a detailed report on vulnerabilities and can be used to test server configurations.

  8. OWASP ZAP is a web application security testing tool that can be used to test SMTP functionality by identifying potential vulnerabilities on servers. It provides a detailed report on security risks and can be used to test server configurations.

  9. IBM AppScan is a web vulnerability scanner that can be used to test SMTP functionality by identifying potential security risks on servers. It provides a detailed report on vulnerabilities and can be used to test server configurations.

  10. HP WebInspect is a web application security testing tool that can be used to test SMTP functionality by identifying potential vulnerabilities on servers. It provides a detailed report on security risks and can be used to test server configurations.

Last three known CVEs for SMTP

• CVE-2023-27927 – An authenticated malicious user could acquire the Simple Mail Transfer Protocol (SMTP) password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials.

• CVE-2022-4312 – A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access to the email and short messaging service (SMS) accounts configuration files to discover the associated Simple Mail Transfer Protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card.

• CVE-2020-6980 – Affects Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior and Series A, all versions; MicroLogix 1100 Controller, all versions; and RSLogix 500 Software v12.001 and prior. If Simple Mail Transfer Protocol (SMTP) account data is saved in RSLogix 500, a local attacker with access to a victim’s project may be able to gather SMTP server authentication data, as it is written to the project file in cleartext.

Useful information

– SMTP stands for Simple Mail Transfer Protocol.

– It is an email protocol used for sending email messages from one email account to another via the internet.

– SMTP is the main protocol used for sending emails and is the only dedicated method of email sending.

– Email clients connect directly with the email provider’s SMTP server to begin sending an email.

– Several different software programs run on an SMTP server, including the mail submission agent (MSA), which receives emails from the email client.

– SMTP is part of the application layer of the TCP/IP (Transmission Control Protocol/Internet Protocol) network model.

– User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC.

Known banners

Microsoft Exchange Server: “220 <FQDN> Microsoft ESMTP MAIL Service ready at <date and time>”

Postfix Mail Server: “220 <FQDN> ESMTP Postfix”

Sendmail Mail Server: “220 <FQDN> ESMTP Sendmail <version number> ready at <date and time>”

Exim Mail Server: “220 <FQDN> ESMTP Exim <version number> #<process ID> <date and time>”

Qmail Mail Server: “220 <FQDN> ESMTP <version number> ready at <date and time>”

Google Mail Server: “220 mx.google.com ESMTP <version number> <date and time>”

Amazon SES Server: “220 email-smtp.amazonaws.com ESMTP Exim <version number> #<process ID> <date and time>”

Yahoo Mail Server: “220 <FQDN> ESMTP ready”

AOL Mail Server: “220 <FQDN> ESMTP ready”

Gmail Mail Server: “220 smtp.gmail.com ESMTP <version number> <date and time>”
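The 220 greetings listed above can be parsed mechanically, which is useful when auditing your own mail hosts for greetings that reveal a software name or version. The following is an added example, not code from the original page; the sample greetings, host names and the function names classify_greeting and version_disclosures are constructed for illustration, and only four of the listed banner shapes are matched.

```python
import re

# Greeting markers taken from the banner list above (most specific first).
KNOWN_BANNERS = [
    ("Microsoft Exchange", re.compile(r"Microsoft ESMTP MAIL Service", re.I)),
    ("Postfix", re.compile(r"ESMTP Postfix", re.I)),
    ("Sendmail", re.compile(r"ESMTP Sendmail", re.I)),
    ("Exim", re.compile(r"ESMTP Exim", re.I)),
]
# Dotted version such as 4.96 or 8.15.2 (timestamps use colons, not dots).
VERSION = re.compile(r"\b\d+(?:\.\d+)+\b")

# Constructed greetings for illustration, not taken from real hosts.
SAMPLE_GREETINGS = [
    "220 mx1.example.test ESMTP Postfix",
    "220 mx2.example.test ESMTP Exim 4.96 #2 Thu, 06 Apr 2023 10:00:00 +0000",
    "220 mx3.example.test ESMTP Sendmail 8.15.2 ready at Thu, 6 Apr 2023 10:00:00 GMT",
    "220 mx4.example.test ESMTP ready",
]

def classify_greeting(line):
    """Split a 220 greeting into host, recognised software and version."""
    match = re.fullmatch(r"220[ -](\S+)\s*(.*)", line.strip())
    if match is None:
        raise ValueError(f"not a 220 greeting: {line!r}")
    host, rest = match.groups()
    # The host field is kept apart so dots in the FQDN never look like a version.
    software = next((name for name, rx in KNOWN_BANNERS if rx.search(rest)), None)
    version = VERSION.search(rest)
    return {
        "host": host,
        "software": software,
        "version": version.group(0) if version else None,
    }

def version_disclosures(greetings):
    """Hosts whose greeting reveals a version number and should be trimmed."""
    return [g["host"] for g in map(classify_greeting, greetings) if g["version"]]

if __name__ == "__main__":
    for greeting in SAMPLE_GREETINGS:
        print(classify_greeting(greeting))
    print("discloses version:", version_disclosures(SAMPLE_GREETINGS))
```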

Books for studying SMTP

SMTP A Complete Guide – 2021 Edition: This book provides a comprehensive guide to SMTP, covering the basics of email communication, the SMTP protocol, and how it interacts with other email-related protocols. It also includes practical examples and troubleshooting tips.

Programmer’s Guide to Internet Mail: SMTP, POP, IMAP, and LDAP: This book is aimed at programmers who want to learn about the various Internet mail protocols, including SMTP, POP, IMAP, and LDAP. It provides detailed explanations of each protocol, as well as code examples for implementing them in various programming languages.

Email Deliverability 101: How to Make Sure Your Emails Land in the Inbox: While not strictly focused on SMTP, this book covers the topic of email deliverability, which is closely related. It covers best practices for email marketing, common email deliverability issues, and how to avoid them.

The Book of Postfix: State-of-the-Art Message Transport: This book focuses specifically on the Postfix mail server, which uses SMTP as its main protocol. It covers installation, configuration, and maintenance of a Postfix server, as well as advanced topics like security and scalability.

SMTP and MIME in Java: A Practical Guide: This book provides a practical guide to implementing SMTP and MIME in Java, with code examples and explanations of how the protocols work. It also covers related topics like email validation and attachment handling.

List of payloads for SMTP

  1. Text message. This is the simplest type of payload, which consists of plain text. It can include information such as a message body, a subject line, and the sender’s and recipient’s email addresses.

  2. HTML message. An HTML message is an email message that includes formatted text, images, and hyperlinks. It can be more visually appealing than a plain text message and can include multimedia content such as videos and animations.

  3. Attachments. Attachments are files that are sent along with the email message. They can include documents, images, videos, and other types of files. Attachments are typically encoded in base64 format before being sent over SMTP.

  4. Metadata. Metadata is additional information that is transmitted along with the email message. This can include information about the message’s sender, recipient, date, and time, as well as any other data that is relevant to the message.

  5. Embedded images. Embedded images are images that are inserted directly into the body of an HTML email message. They can be used to enhance the visual appeal of the message and can be viewed without the need for the recipient to download them as separate attachments.

Mitigation

  1. SMTP connections can be secured using SSL/TLS encryption, which can help prevent eavesdropping and tampering of email messages.

  2. SMTP servers should require authentication from clients to ensure that only authorized users can access the system.

  3. Access to SMTP servers should be restricted to only authorized machines and IP addresses to prevent unauthorized access.

  4. Password policies should be enforced to ensure that users choose strong passwords that are difficult to guess or crack.

  5. Spam filtering techniques can be used to identify and block unsolicited emails, which can reduce the risk of phishing attacks and malware infections.

  6. Email attachments can contain viruses and malware, which can be used to compromise the system. Antivirus and antimalware solutions can help detect and remove these threats.

  7. SMTP logs should be monitored regularly to detect any suspicious activity or unauthorized access attempts.

  8. Software vulnerabilities can be exploited by attackers to gain unauthorized access to the system. Keeping software up to date with the latest security patches can help prevent these types of attacks.
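As an illustration of the log monitoring in item 7, the sketch below counts failed SASL logins and refused relay attempts per source address. It is an added example, not code from the original page; it assumes Postfix-style syslog lines, and the sample log, addresses, threshold and the function name scan are constructed for illustration.

```python
import re
from collections import Counter

# Constructed Postfix-style syslog lines (documentation address ranges).
SAMPLE_LOG = """\
Apr  6 10:00:01 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Apr  6 10:00:03 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Apr  6 10:00:05 mail postfix/submission/smtpd[2105]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Apr  6 10:01:40 mail postfix/smtpd[2120]: warning: unknown[198.51.100.4]: SASL LOGIN authentication failed: authentication failure
Apr  6 10:02:11 mail postfix/smtpd[2140]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 <user@example.org>: Relay access denied; from=<a@example.net> to=<user@example.org> proto=ESMTP helo=<probe>
Apr  6 10:03:00 mail postfix/smtpd[2150]: connect from mx.example.net[192.0.2.10]
"""

AUTH_FAIL = re.compile(
    r"postfix/\S*smtpd\[\d+\]: warning: \S+\[([0-9a-fA-F.:]+)\]: "
    r"SASL \S+ authentication failed"
)
RELAY_DENIED = re.compile(
    r"NOQUEUE: reject: RCPT from \S+\[([0-9a-fA-F.:]+)\]: "
    r"\d{3} [\d.]+ .*Relay access denied"
)

def scan(log_text, auth_threshold=3):
    """Return sorted (alert, source_ip, count) tuples for one log excerpt."""
    auth_failures, relay_denials = Counter(), Counter()
    for line in log_text.splitlines():
        if (m := AUTH_FAIL.search(line)):
            auth_failures[m.group(1)] += 1
        elif (m := RELAY_DENIED.search(line)):
            relay_denials[m.group(1)] += 1
    alerts = []
    # Repeated failed logins from one address suggest password guessing.
    for ip, count in sorted(auth_failures.items()):
        if count >= auth_threshold:
            alerts.append(("auth-bruteforce", ip, count))
    # Any refused relay means someone tested the server as an open relay.
    for ip, count in sorted(relay_denials.items()):
        alerts.append(("relay-attempt", ip, count))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```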

Conclusion

SMTP (Simple Mail Transfer Protocol) is a widely used communication protocol for email transmission. It allows email messages to be sent and received between different email servers and clients. However, SMTP is not without its vulnerabilities, and it can be susceptible to various types of attacks, including phishing, malware, and unauthorized access. To mitigate these risks, it is important to implement security measures such as SSL/TLS encryption, authentication, access control, spam filtering, antivirus and antimalware solutions, monitoring, and keeping software up to date. By implementing these measures, organizations and individuals can help ensure the security and integrity of their email communications.
