Service: Postfix, Exim, Sendmail
Protocol: TCP
Port: 25
Used for: Sending email between servers
Why It’s Open
SMTP is used for email delivery between mail servers. If you’re running an email server, this port needs to be open. But if misconfigured, it’s an easy way in for spammers.
Common Risks
- Open Relay: Can be abused to send spam if relay is not restricted.
- Banner Info Disclosure: SMTP servers often leak version and host info.
- Brute Force & Enum Attacks: SMTP can be used to enumerate users.
- STARTTLS Downgrade Attacks: Possible if STARTTLS is not properly enforced.
Enumeration & Testing
Check if it’s open
nmap -sV -p 25 <target>
nmap -p 25 --script=smtp-enum-users <target>
Banner Grab
nc <target> 25
Check for open relay
telnet <target> 25
HELO test.com
MAIL FROM:
RCPT TO:
What to Look For
| Checkpoint | What it means |
|---|---|
| Open relay | Can be abused for spam campaigns |
| Version info exposed | Easier fingerprinting for exploits |
| STARTTLS not enforced | Potential for MITM attacks |
Known Exploits
- CVE-2011-1720
A memory corruption vulnerability in the Postfix SMTP server when using Cyrus SASL authentication mechanisms other than PLAIN and LOGIN, potentially leading to denial of service or remote code execution.
Mitigation
- Configure proper relay restrictions.
- Hide version info with smtpd_banner.
- Enforce STARTTLS and secure authentication.
- Use SPF, DKIM, and DMARC.
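One way to check a Postfix main.cf against the relay, banner and TLS items above. This is an added example, not part of the original page or of Postfix; the two sample configs and the finding names are constructed, and the checks are deliberately simplified.

```python
import re

# Constructed main.cf samples (not taken from any real server).
WEAK_CF = """\
smtpd_banner = $myhostname ESMTP $mail_name $mail_version
mynetworks = 127.0.0.0/8, 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
"""
HARDENED_CF = """\
smtpd_banner = $myhostname ESMTP
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
"""
REJECTS = ("reject_unauth_destination", "defer_unauth_destination", "reject", "defer")

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and key:
            params[key] += " " + line.strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            params[key] = value
    return params

def audit(text):
    """Return finding codes for the relay, banner and TLS mitigations (simplified checks)."""
    p = parse_main_cf(text)
    words = lambda name: [w for w in re.split(r"[,\s]+", p.get(name, "")) if w]
    relay = words("smtpd_relay_restrictions")
    stop = [i for i, rule in enumerate(relay) if rule in REJECTS]
    tls = p.get("smtpd_tls_security_level", "")  # empty (the default) means STARTTLS is off
    sasl = p.get("smtpd_sasl_auth_enable") == "yes"
    checks = [
        (bool({"0.0.0.0/0", "::/0"} & set(words("mynetworks"))), "mynetworks-trusts-everyone"),
        (bool(relay) and (not stop or "permit" in relay[:stop[0]]), "relay-permitted-before-reject"),
        ("$mail_version" in p.get("smtpd_banner", ""), "banner-discloses-version"),
        (tls not in ("may", "encrypt"), "starttls-not-offered"),
        (sasl and tls != "encrypt" and p.get("smtpd_tls_auth_only") != "yes", "auth-offered-without-tls"),
    ]
    return [code for failed, code in checks if failed]
```

The audit accepts `may` as well as `encrypt` because the Postfix documentation advises against mandatory TLS on a publicly referenced port 25 server; `encrypt` fits listeners where every client is known to support TLS.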
Real-Life Examples
Misconfigured SMTP servers have been blacklisted after being unknowingly used to relay spam, leading to mail delivery issues and reputation damage.
TL;DR
- Service: SMTP (Email Transmission)
- Default Port: 25/TCP
- Risks: Denial of service, spam relay
- Mitigation: Apply patches, configure access controls, monitor email traffic