A SMTP server provides mail relay/delivery services. A SMTP server without limiting mail relaying for outside machines would become serious security problem.
A good and secure SMTP server should not provide open-relay function to the public.
We can use “smtp-cli” program to test if a SMTP server provides open-relay function.
Installation
- Go to https://github.com/mludvig/smtp-cli/
- Download the latest version of program.
- Unzip it.
(Optional)
Sometimes you need more libraries. The followings may be required if you are running Ubuntu
apt install libio-socket-ssl-perl libdigest-hmac-perl libterm-readkey-perl libmime-lite-perl libfile-libmagic-perl libio-socket-inet6-perl
Local Test
First, let’s test the program on the local SMTP server.
./smtp-cli --verbose --server localhost
Test Remote SMTP Server
Test port 25
./smtp-cli --verbose --host xxx.abc.com:25 --from test@src.com --to user@destination.com --body-plain "Hello"
Test port 587
./smtp-cli --verbose --host xxx.abc.com:587 --enable-auth --user testuser --from test@src.com --to user@destination.com --body-plain "Hello"
If the mail goes through and you can receive the mail on the receiver side, that means this SMTP server accepts open-realay. This could be a problem. Your SMTP server may be blacklisted and nobody can reach it.
You can use the above steps to test your SMTP server and fix the vulnerability.