smtp-cli to test open-relay SMTP server

An SMTP server provides mail relay and delivery services. An SMTP server that does not restrict mail relaying for outside machines is a serious security problem.

A good and secure SMTP server should not provide open-relay function to the public.

We can use the “smtp-cli” program to test whether an SMTP server provides open-relay function.

Installation

  • Go to https://github.com/mludvig/smtp-cli/
  • Download the latest version of the program.
  • Unzip it.

(Optional)
Sometimes you need more libraries. The following may be required if you are running Ubuntu:

apt install libio-socket-ssl-perl libdigest-hmac-perl libterm-readkey-perl libmime-lite-perl libfile-libmagic-perl libio-socket-inet6-perl

Local Test

First, let’s test the program on the local SMTP server.

./smtp-cli --verbose --server localhost

Test Remote SMTP Server

Test port 25

./smtp-cli --verbose --host xxx.abc.com:25 --from test@src.com --to user@destination.com --body-plain "Hello"

Test port 587

./smtp-cli --verbose --host xxx.abc.com:587 --enable-auth --user testuser --from test@src.com --to user@destination.com --body-plain "Hello"

If the mail goes through and you receive it on the receiver side, the SMTP server is acting as an open relay. This could be a problem: your SMTP server may be blacklisted, and then nobody can reach it.

You can use the above steps to test your SMTP server and fix the vulnerability.
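
The relay decision is visible in the server's reply to RCPT TO for an outside recipient, so it can be checked without delivering a message. The following Python script is an added example (not part of smtp-cli or the original post); the addresses, the EHLO name and the function names are assumptions.

```python
import smtplib
import sys

# Constructed placeholders: neither domain should be hosted by the server under test.
EXT_FROM = "test@src.com"
EXT_TO = "user@destination.com"

def classify(code):
    """Map an SMTP reply code to a relay verdict."""
    if 200 <= code <= 299:
        return "accepted"   # server agreed to relay for a stranger
    if 400 <= code <= 499:
        return "deferred"   # temporary failure (e.g. greylisting); retest later
    return "rejected"       # 5xx, e.g. "relay access denied": the desired result

def envelope_check(smtp, mail_from=EXT_FROM, rcpt_to=EXT_TO):
    """Send MAIL FROM and RCPT TO only, then RSET. No DATA, so nothing is delivered."""
    smtp.ehlo_or_helo_if_needed()
    stage = "MAIL FROM"
    code, reply = smtp.mail(mail_from)
    if classify(code) == "accepted":
        stage = "RCPT TO"
        code, reply = smtp.rcpt(rcpt_to)
    try:
        smtp.rset()  # abandon the transaction
    except smtplib.SMTPServerDisconnected:
        pass  # some servers hang up after refusing the recipient
    if isinstance(reply, bytes):
        reply = reply.decode("utf-8", "replace")
    return {"stage": stage, "code": code, "reply": reply, "verdict": classify(code)}

def probe_relay(host, port=25, timeout=10):
    """Connect without authenticating and run the envelope check."""
    # local_hostname is a constructed EHLO name; it also avoids a local DNS lookup.
    with smtplib.SMTP(host, port, local_hostname="relay-check.invalid",
                      timeout=timeout) as smtp:
        return envelope_check(smtp)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: relay_check.py HOST [PORT]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    result = probe_relay(sys.argv[1], port)
    print("{stage}: {code} {reply} -> {verdict}".format(**result))
    # Exit 1 when the relay attempt was accepted, so a cron job or CI step can alert.
    sys.exit(1 if result["verdict"] == "accepted" else 0)
```

An "accepted" verdict should be confirmed with the full smtp-cli delivery test above, since some servers accept the recipient and only reject later at DATA.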

oliver
