Highest Voted 'smtp' Questions - IT Security Stack Exchange

5

votes

1 answer

SMTP injection, how it is done and what can it cause?

There are a few things that I dont understand about the injection. The injection is something along this line > . MAIL FROM: mail1@gmail.com RCPT TO: mail@gmail.com DATA EMAIL data . Here are two ways to inject in an inline…

smtp

asked Nov 03 '13 at 11:07

Kratos

301
1
4
10

4

votes

1 answer

Checklist for securing smtp

What are some things, one should know when setting up an SMTP server, which supports ESMTP protocol. I have disabled relaying, and only enabled TLS authenticated transfers. when I telnet to my server, this is the…

smtp

asked Jun 10 '13 at 16:26

marcoo

894
1
10
19

3

votes

1 answer

is there a risk in increasing esmtp header line length against rfc5822 - asa/pix question

Have a question towards the 998 bytes limitation on the esmtp header line length. We have noticed the asa is dropping emails coming from various external mail servers with the header line length greater than 998. Have googled a bit on this issue and…

smtp

asked Oct 20 '14 at 19:48

user4565

151
3

3

votes

2 answers

SPF and Articles from News Sites

Suppose I activate SPF in my environment. I am now strictly enforcing SPF records from sending domains. There are many execs in the company who like to forward news stories from CNN and such to their co-workers. When I send the article, CNN asks…

smtp

asked Nov 08 '12 at 22:04

ChrisLoris

151
5

3

votes

1 answer

Is there a list of open mail relays I can use for a pentest?

I'm currently pentesing a client (with permission of course) and we are testing their email filtering capabilities. We want to check whether they reject mail coming from open mail relays, but I seem unable to find any. Is there a list somewhere that…

smtp

asked Mar 15 '19 at 00:32

trallgorm

885
7
22

3

votes

3 answers

How to know an SMTP server is securely configured

I have set up an SMTP server for personal use, and I used Postfix for that. However, Postfix has a lot of different options for how to configure it, and I'm guessing by configuring it incorrectly you can open it up to a lot of security problems,…

smtp

asked May 31 '16 at 15:01

Dragon Creature

183
1
5

2

votes

0 answers

Where to find mails or mail addresses on a web server?

In a training lab I'm using for a computing security certification I just got root access to a SMTP server, and there are so much files to look for. I want to retrieve mails or mail addresses using or stored by this SMTP server. Here are some…

smtp

asked Oct 12 '16 at 10:24

Stephane

23
5

1

vote

3 answers

Is VRFY command enabled on SMTP server usually considered a vulnerability?

Messing around I found a critical SMTP server with VRFY command enabled.

smtp

asked Oct 13 '15 at 18:56

penguin

21
1
3

0

votes

1 answer

Receiving strange data over SMTP where body is one line of random characters

I have a website that has an smtp server open on port 25. There is no outbound functionality on the smtp server. We just parse attachments from our users, then 'queue' the email in a dummy queue. So essentially we drop the email after parsing…

smtp

asked Jul 20 '14 at 21:30

user52355

0

votes

0 answers

Suspicious SMTP server client activity - non-ASCII queries

I've noticed some strange activities from some remote host connected to our SMTP mail server. Queries contains non-ASCII characters, below is the copy of one of them (to each query our server responded with "command not…

smtp

asked Jul 10 '19 at 21:00

Ernestas Gruodis

131
5

0

votes

2 answers

What are recommendations for unblocking outbound SMTP traffic in an organization?

Our organization has blocked all outbound SMTP traffic under the assumption that we are preventing potential botnet spamming issues which lead to blacklisted IPs. However, I've seen other organizations which have been set up to allow this and am…

smtp

asked Mar 22 '19 at 12:50

bjb

103
3

0

votes

1 answer

smtp port 25 connect failed

If I take any host from https://www.arclab.com/en/kb/email/list-of-smtp-and-pop3-servers-mailserver-list.html why I'm not able to telnet to any of the specified ports ? I'm getting: "Connecting To pop.1and1.com...Could not open connection to the…

smtp

asked Feb 17 '17 at 09:52

cyzczy

1,578
5
23
42

0

votes

1 answer

smtp-auth attack ?

it looks someone or something is trying to hack our Exchange. Exchange Server Transport Protocol Logs: it appears the internet facing IP on the firewall has not been locked down correctly, so is open to all internet traffic (the network team will…

smtp

asked Jan 12 '16 at 10:09

cyzczy

1,578
5
23
42

Questions tagged [smtp]