Service: smtp
Protocol: TCP
Port: 587
Used for: Email message submission from mail clients
Why It’s Open
Port 587 is the standard port for SMTP message submission, also known as the submission port. It’s used by email clients to send outgoing messages through their mail servers. Unlike traditional SMTP on port 25, port 587 is specifically designed for authenticated mail submission and typically requires STARTTLS encryption.
Mail servers expose this port to allow legitimate users to send email while implementing better security controls than traditional SMTP. It’s a crucial part of modern email infrastructure.
Common Risks
- Credential Theft
  If STARTTLS isn’t enforced, login credentials can be intercepted.
- Spam Relay
  Compromised accounts can be used to send spam.
- Brute Force Attacks
  Authentication systems may be targeted.
- Version Exposure
  Mail server versions may be revealed.
- SSL/TLS Vulnerabilities
  Weak crypto configurations can be exploited.
Enumeration & Testing
Check if it’s open:
nmap -sT -p 587 <target>
Test SMTP connection:
telnet <target> 587
Check STARTTLS:
openssl s_client -starttls smtp -crlf -connect <target>:587
What to Look For
| Checkpoint | What it means |
|---|---|
| STARTTLS not enforced | Connections may fall back to cleartext |
| Weak authentication | Susceptible to brute force attacks |
| Open relay configuration | Could be abused for spam |
| SSL/TLS vulnerabilities | Encryption can be compromised |
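
One way to automate the "STARTTLS not enforced" checkpoint, as an added example that is not part of the original page: parse the EHLO reply a server sends before STARTTLS and flag a server that omits STARTTLS or already advertises AUTH in cleartext. The function names and the sample replies are constructed for illustration; `probe` assumes a server you administer.

```python
import re
import smtplib

def parse_ehlo(reply: str) -> dict:
    """Map each EHLO keyword (upper-cased) to its list of parameters."""
    exts = {}
    for line in reply.splitlines()[1:]:          # line 0 is the server greeting
        line = re.sub(r"^250[ -]", "", line.strip())
        if not line:
            continue
        # Some servers also send the legacy "AUTH=PLAIN LOGIN" form.
        keyword, _, params = line.replace("=", " ", 1).partition(" ")
        exts.setdefault(keyword.upper(), []).extend(params.upper().split())
    return exts

def audit_pre_tls(reply: str) -> list:
    """Return findings for an EHLO reply received before STARTTLS was issued."""
    exts = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in exts:
        findings.append("STARTTLS not offered: session stays in cleartext")
    if "AUTH" in exts:
        mechs = ", ".join(sorted(set(exts["AUTH"]))) or "unspecified"
        findings.append(f"AUTH offered before STARTTLS ({mechs}): "
                        "clients may send credentials unencrypted")
    return findings

def probe(host: str, port: int = 587, timeout: float = 10.0) -> list:
    """Run the audit against a live server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        _code, msg = s.ehlo()                    # smtplib strips the "250-" prefixes
        return audit_pre_tls(msg.decode("ascii", "replace"))

# Constructed sample replies (not captured from a real server).
ENFORCED = "250-mail.example.test\r\n250-SIZE 52428800\r\n250 STARTTLS"
LAX = ("250-mail.example.test\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n"
       "250-AUTH PLAIN LOGIN\r\n250 AUTH=PLAIN LOGIN")

if __name__ == "__main__":
    for name, reply in (("enforced", ENFORCED), ("lax", LAX)):
        print(name, audit_pre_tls(reply) or "ok")
```

An empty result only shows that the server hides AUTH until TLS is negotiated; TLS version and cipher strength still need the `openssl s_client` check.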
Mitigation
- Enforce STARTTLS
  Require encryption for all connections.
- Strong Authentication
  Implement MFA where possible.
- Rate Limiting
  Prevent authentication brute forcing.
- Modern TLS Only
  Disable older SSL/TLS versions.
- Monitor Usage
  Track and alert on unusual sending patterns.
TL;DR
- Port 587 = SMTP Submission
- Required for email sending
- Needs strong authentication
- Must enforce encryption
Known CVEs and Exploits
- CVE-2020-28018 – Exim SMTP server heap-based buffer overflow
- CVE-2019-15846 – Exim SMTP TLS certificate validation bypass
- Hydra SMTP module – Password brute forcing against SMTP AUTH