Premium Resources

SMTP Enumeration

The Simple Mail Transport Protocol is used to send email messages as opposed to POP3 or IMAP which can be used to both send and receive messages. SMTP relies on using Mail Exchange (MX) servers to direct the mail to via the Domain Name Service, however, should an MX server not be detected, SMTP will revert and try an A or alternatively SRV records. SMTP generally runs on port 25.

SMTP enumeration allows us to determine valid users on the SMTP server. This is done with the help built-in SMTP commands, they are

  • VRFY – This command is used for validating users.

  • EXPN – This command tells the actual delivery address of aliases and mailing lists.

  • RCPT TO – It defines the recipients of the message.

Tool:

NestScanTools Pro

Countermeasures:

  • Configure SMTP server either to ignore email messages to unknown recipients.

  • Don’t include information like mail relay systems being used, Internal IP address or host information.

  • Disable open relay feature.

Company

Resource

View Sitemap

Disclaimer

PMI®, PMBOK®, PMP® and PMI-ACP® are registered marks of the Project Management Institute, Inc.

The Swirl logo™ is a trade mark of AXELOS Limited.

ITIL® is a registered trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.

PRINCE2® is a registered trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.

IASSC® is a registered trade mark of International Association for Six Sigma Certification.

Certified ScrumMaster® (CSM) is a registered trade mark of SCRUM ALLIANCE®

CISSP® is a registered mark of The International Information Systems Security Certification Consortium (ISC)2.

CCNA® is a trademark of Cisco.

Microsoft and MS Project are the registered trademarks of the Microsoft Corporation.

SAP Trademark(s) is/are the trademark(s) or registered trademark(s) of SAP SE in Germany.