• 👉 Overview
• 👀 What ?
• 🧐 Why ?
• ⛏️ How ?
• ⏳ When ?
• ⚙️ Exploitation
• Manual
• Nmap
• 🖇️ Références

👉 Overview

👀 What ?

SMTP Open Relay (also known as SMTP Relay) is a protocol configuration where an SMTP server allows third-party relay of email messages. In simpler terms, it is a setting that allows a mail server to send emails that are neither to nor from local users. SMTP Open Relay was originally designed to facilitate easier communication and server-to-server email transfer.

🧐 Why ?

SMTP Open Relay is an important topic in cybersecurity because of its potential for misuse. While it was designed with good intentions, it can be exploited by spammers to send large amounts of unwanted mail, which can lead to the server being blacklisted by spam filters. This makes it a crucial subject of understanding for anyone managing an email server or studying network security.

⛏️ How ?

SMTP Open Relay can be configured on an SMTP server, allowing it to relay messages from any sender to any recipient. However, due to the potential for misuse, it is often recommended to limit this functionality to trusted networks or authenticated users. This can be done using different mechanisms depending on the specific mail server software in use.

⏳ When ?

SMTP Open Relay was initially a common configuration in the early days of the internet, when networks were more trusted and spam was less of a problem. However, as the internet grew and spam became more prevalent, the use of open relays declined. They are now generally considered a security risk and their use is discouraged. While you will rarely, if ever, find fully open relays in the wild today, it's not uncommon to find partially open relays, especially within internal networks. Partially open relays are configured to only relay mail for authenticated users or specific IP addresses. This means that while they can still be used to send email from within the network or by authenticated users, they can't be exploited by anonymous users on the internet to send spam or carry out other malicious activities.

⚙️ Exploitation

Manual

Nmap

To test for open relay you can use nmap script :

nmap -sV --script smtp-open-relay -v <target>

🖇️ Références

• https://threatmon.io/what-is-smtp-open-mail-relay-vulnerability/
• https://subscription.packtpub.com/book/security/9781786467454/6/ch06lvl1sec91/detecting-smtp-open-relays
• https://www.blackhillsinfosec.com/how-to-test-for-open-mail-relays/