What is an SMTP scanner? [on hold]
What is an SMTP scanner? What is the importance of it and how to use it?
Category Archives: SMTP
Running open relay smtp in company network
We are producing IoT gateways which send out emails via SMTP protocol for user notifications. These IoT gateways are mainly used by corporate customers in intranets without access to or from the Internet.
Now we need to deci… Continue reading Running open relay smtp in company network
SMTP Service STARTTLS Plaintext Command Injection
We are getting this vulnerability on SUSE Linux Enterprise Server 11. This vulnerability is getting triggered on port 587 for postfix. I have checked several links but I am unable to get any relevant solution for it.
Has any… Continue reading SMTP Service STARTTLS Plaintext Command Injection
Why is hotmail mail server providing an invalid certificate?
It seems that hotmail.com mail server sitting at hotmail-com.olc.protection.outlook.com is using a TLS certificate issued to mail.protection.outlook.com.
Both the mail server hostname and TLS certificate common name belong t… Continue reading Why is hotmail mail server providing an invalid certificate?
Hydra Syntax for Charset Option -x for SMTP
I am trying to learn more about Hydra. I can’t find the syntax for accessing SMTP in which I use the character set option with -x. I have seen the general syntax but what can I omit if it’s SMTP and password range 6:10 with s… Continue reading Hydra Syntax for Charset Option -x for SMTP
Can password be stolen when doing SSL/TLS-protected IMAP/SMTP in public network
My email password has been stolen most probably while I was on vacation in another country and was using hotel’s (and maybe others, cannot remember) WiFi networks to read and optionally send emails from my Android phone.
Bounced spam messa… Continue reading Can password be stolen when doing SSL/TLS-protected IMAP/SMTP in public network
MTA Strict Transport, The Hardening
via the eponymous Ivan Ristić, whilst writing at Hardenize comes a long awaited advancement in the ancien régime mail transport, this time within a security modality – a new standard has been unveiled: SMTP Mail Transfer Agent Strict Transp… Continue reading MTA Strict Transport, The Hardening
“Safer hops for email” – EFF’s plan to cut down on email snooping
STARTTLS is the email command that switches into encrypted mode. EFF just announced “STARTTLS Everyhere” to get everyone on board… Continue reading “Safer hops for email” – EFF’s plan to cut down on email snooping
Why doesn’t SMTP check that users are authenticated to send from an address?
I think it’s a bit different from this question since it’s about SMTP, but similar idea. Wikipedia says on email spoofing:
MAIL FROM: – generally presented to the recipient as the Return-path:
header but not normally vi… Continue reading Why doesn’t SMTP check that users are authenticated to send from an address?
Close Port 587 – Ramifications?
Our recent PCI scan failed because “Plaintext authentication is allowed over unencrypted channel on SMTP.” As such, our tech support suggested to close port 587.
What are the effects of closing port 587, and will it negative… Continue reading Close Port 587 – Ramifications?