abuse

Nmap scan

sudo nmap -Pn -sV -sC -p25,143,110,465,587,993,995 --script=smtp* -p 25 "$ip"

Interact with the SMTP server

telnet "$ip" 25
nc "$ip" 25

Send mail

swaks --to itsupport@"$domain" --from marmeus@marmeus.com --server "$domain" --body "http://10.10.16.16/"

User enum

smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t "$ip"

Open Replay attack

mynetworks = 0.0.0.0/0

#With this setting, this SMTP server can send fake emails and thus initialize communication b/w multiple parties. Another attack would be to spoof the email and read it.

Default config file

cat /etc/postfix/main.cf |grep-v "#"|sed-r "/^\s*$/d"

Previoussmtp Nextenumeration

Last updated 1 day ago

hashtagNmap scan

hashtagInteract with the SMTP server

hashtagSend mail

hashtagUser enum

hashtagOpen Replay attack

hashtagDefault config file

Nmap scan

Interact with the SMTP server

Send mail

User enum

Open Replay attack

Default config file