You can connect to your mail server's SMTP service on TCP port 25 using a Telnet or Netcat client and send an email to your own account with the following commands, where "IP" is the IP address of the server and the host name and addresses are placeholders for your own:
telnet IP 25
HELO client.example
MAIL FROM:<you@company.com>
RCPT TO:<you@company.com>
DATA
enter message here, followed by a full stop on a new line
.
QUIT
Also, check whether your email server divulges your internal users by supporting the EXPN and VRFY commands (for example, VRFY administrator -> admin@company.com):
telnet IP 25
HELP (does it show EXPN / VRFY to be supported?)
EXPN administrator
VRFY admin
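The VRFY/EXPN check above can be scripted for a server you administer. This is an added example, not code from the original post: `audit`, `check_host`, `CannedServer`, the verdict names and the bogus user name are assumptions made for illustration, and the canned replies are constructed.

```python
import smtplib
import sys

CONFIRMS = (250, 251)  # RFC 5321: mailbox confirmed / will be forwarded

def audit(smtp, known_user, bogus_user="no-such-user-7f3a9c"):
    """Return {command: (verdict, known_code, bogus_code)} for VRFY and EXPN.

    smtp needs a docmd(cmd, args) method returning (code, message),
    as smtplib.SMTP provides. known_user is a mailbox you know exists.
    """
    results = {}
    for cmd in ("VRFY", "EXPN"):
        known_code, _ = smtp.docmd(cmd, known_user)
        bogus_code, _ = smtp.docmd(cmd, bogus_user)
        if known_code in CONFIRMS:
            verdict = "discloses"   # server confirmed the real mailbox
        elif known_code != bogus_code:
            verdict = "differs"     # reply code separates real from unknown names
        else:
            verdict = "ok"          # same answer for both, e.g. 252 or 502
        results[cmd] = (verdict, known_code, bogus_code)
    return results

class CannedServer:
    """Constructed stand-in for a server, replying from a fixed table."""
    def __init__(self, replies, default=502):
        self.replies, self.default = replies, default

    def docmd(self, cmd, args=""):
        return self.replies.get((cmd, args), self.default), b"constructed reply"

def check_host(host, known_user):
    """Run the audit against a real server on TCP port 25."""
    with smtplib.SMTP(host, 25, timeout=10) as smtp:
        smtp.ehlo_or_helo_if_needed()
        return audit(smtp, known_user)

if __name__ == "__main__":
    if len(sys.argv) == 3:          # usage: script.py IP known_user
        report = check_host(sys.argv[1], sys.argv[2])
    else:                           # no arguments: offline demo on constructed replies
        leaky = CannedServer({("VRFY", "administrator"): 250}, default=550)
        report = audit(leaky, "administrator")
    for cmd, (verdict, known, bogus) in report.items():
        print(f"{cmd}: {verdict} (known={known}, unknown={bogus})")
```

A verdict of "ok" means the server gave the same reply code for the real and the made-up name, which is what a server with VRFY and EXPN disabled or answering non-committally does.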
Finally, check whether it's possible to send a spoofed email through the email server. For example, the SMTP server for the domain "company.com" receives an external email from user@company.com. Does your email server drop this email? It should.