Skip to content
SENDMAIL (25)
- Fingerprint server
- telnet ip_address 25 (banner grab)
- Mail Server Testing
- Enumerate users
- VRFY username (verifies if username exists – enumeration of accounts)
- EXPN username (verifies if username is valid – enumeration of accounts)
- Mail Spoof Test
- HELO anything MAIL FROM: spoofed_address RCPT TO:valid_mail_account DATA . QUIT
- Mail Relay Test
- HELO anything
- Identical to/from – mail from: <nobody@domain> rcpt to: <nobody@domain>
- Unknown domain – mail from: <user@unknown_domain>
- Domain not present – mail from: <user@localhost>
- Domain not supplied – mail from: <user>
- Source address omission – mail from: <> rcpt to: <nobody@recipient_domain>
- Use IP address of target server – mail from: <user@IP_Address> rcpt to: <nobody@recipient_domain>
- Use double quotes – mail from: <user@domain> rcpt to: <“user@recipent-domain”>
- User IP address of the target server – mail from: <user@domain> rcpt to: <nobody@recipient_domain@[IP Address]>
- Disparate formatting – mail from: <user@[IP Address]> rcpt to: <@domain:nobody@recipient-domain>
- Disparate formatting2 – mail from: <user@[IP Address]> rcpt to: <recipient_domain!nobody@[IP Address]>
- Examine Configuration Files