SENDMAIL (25)

• Fingerprint server
  • telnet ip_address 25 (banner grab)
• Mail Server Testing
  • Enumerate users
    • VRFY username (verifies if username exists – enumeration of accounts)
    • EXPN username (verifies if username is valid – enumeration of accounts)
  • Mail Spoof Test
    • HELO anything MAIL FROM: spoofed_address RCPT TO:valid_mail_account DATA . QUIT
  • Mail Relay Test
    • HELO anything
      • Identical to/from – mail from: <nobody@domain> rcpt to: <nobody@domain>
      • Unknown domain – mail from: <user@unknown_domain>
      • Domain not present – mail from: <user@localhost>
      • Domain not supplied – mail from: <user>
      • Source address omission – mail from: <> rcpt to: <nobody@recipient_domain>
      • Use IP address of target server – mail from: <user@IP_Address> rcpt to: <nobody@recipient_domain>
      • Use double quotes – mail from: <user@domain> rcpt to: <“user@recipent-domain”>
      • User IP address of the target server – mail from: <user@domain> rcpt to: <nobody@recipient_domain@[IP Address]>
      • Disparate formatting – mail from: <user@[IP Address]> rcpt to: <@domain:nobody@recipient-domain>
      • Disparate formatting2 – mail from: <user@[IP Address]> rcpt to: <recipient_domain!nobody@[IP Address]>
• Examine Configuration Files
  • sendmail.cf
  • submit.cf