Ports: 25, 587, 465, 2525
👁️ Enumeration
👉 Overview
What ?
SMTP, or Simple Mail Transfer Protocol, is a protocol that is used for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another. The messages can then be retrieved with an e-mail client using either POP or IMAP. In essence, SMTP provides a set of codes that simplify the communication of email messages between email servers. It's a type of shorthand that allows a server to break up different parts of a message into categories the other server can understand.
Why ?
SMTP is vital to the operation of the internet, particularly for the transmission of email. It enables the sending and receiving of email messages across different networks and systems. Without SMTP, communication through email would not be possible on the scale we see today. Understanding SMTP is therefore crucial for anyone working in IT or cybersecurity, as it forms the foundation for any work with email systems or related applications.
How ?
SMTP works through a process of commands and responses between the client and the server. The process begins with the client initiating a TCP (Transmission Control Protocol) connection with the server. Once the connection is established, the client sends a series of commands, to which the server responds with numeric codes indicating status. Once the email is delivered and the transmission is complete, the client terminates the connection. SMTP uses port 25 by default, but emails sent via SSL/TLS, a method of encrypting SMTP, often use port 465 or 587.
When ?
SMTP was first defined by RFC 821 in 1982, and it has been updated several times since to the current standard, SMTPUTF8, defined in RFC 6531 in 2012. SMTP has been at the heart of email communication since the early days of the internet, and it continues to serve as a fundamental protocol in the world of digital communication.
⚙️ Technical Explanations
SMTP communication consists of a client-server architecture, where the client is typically the email sender's Mail User Agent (MUA) and the server is the Mail Transfer Agent (MTA).
Here's a detailed breakdown of the SMTP communication process:
- Establishing the Connection: The SMTP client (sender's MUA) starts the process by establishing a TCP connection with the SMTP server (receiver's MTA) on the designated port (often port 25).
- SMTP Greetings: Once the connection is established, the SMTP server sends a 220 "service ready" reply to the client, which responds with a HELO (or EHLO for Extended SMTP) command and its domain.
- Mail Transaction: Following the successful exchange of greetings, the client starts a mail transaction. It sends the MAIL FROM command with the sender's email address, which the server acknowledges with a 250 "OK" reply. The client then sends the RCPT TO command with the recipient's email address, which is also acknowledged by the server.
- Email Body Transmission: After the server has accepted the sender and recipient details, the client sends the DATA command to signal that it's ready to send the email body. The server replies with a 354 "start mail input" reply, after which the client sends the email body, ending with a line containing just a period (.). The server then acknowledges the successful receipt of the email body with a 250 reply.
- Terminating the Connection: The client can then send a QUIT command to terminate the connection, to which the server responds with a 221 "closing connection" reply.
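The five-step exchange above, played out as an added example (not code from the original page): an in-memory stand-in for the MTA enforces the command order and answers with the reply codes listed, and a client function drives one transaction and records both sides. The hostnames and addresses are constructed; body lines are dot-stuffed by the client and unstuffed by the server so a line starting with a period is not mistaken for the terminator.

```python
from dataclasses import dataclass, field

@dataclass
class MockSmtpServer:
    """In-memory stand-in for an MTA (constructed for illustration, not a real server)."""
    domain: str = "mta.example.test"   # assumed hostname
    state: str = "connected"           # connected -> greeted -> mail -> rcpt -> data -> greeted
    sender: str = ""
    rcpts: list = field(default_factory=list)
    body: list = field(default_factory=list)
    mailbox: list = field(default_factory=list)   # accepted (sender, recipients, text) tuples
    def greet(self):
        return f"220 {self.domain} ESMTP service ready"
    def handle(self, line):
        if self.state == "data":                      # collecting the message body
            if line != ".":                           # body lines are not acknowledged
                self.body.append(line[1:] if line.startswith("..") else line)  # undo dot-stuffing
                return None
            self.mailbox.append((self.sender, list(self.rcpts), "\r\n".join(self.body)))
            self.body, self.rcpts, self.state = [], [], "greeted"
            return "250 OK: message accepted"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO") and self.state == "connected":
            self.state = "greeted"
            return f"250 {self.domain} Hello {arg}"
        if verb == "MAIL" and self.state == "greeted":
            self.sender, self.state = arg.split(":", 1)[1].strip("<> "), "mail"
            return "250 OK"
        if verb == "RCPT" and self.state in ("mail", "rcpt"):
            self.rcpts.append(arg.split(":", 1)[1].strip("<> "))
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA" and self.state == "rcpt":
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "QUIT":                            # connection would be closed after this reply
            return f"221 {self.domain} closing connection"
        return "503 Bad sequence of commands"         # anything out of order is rejected

def run_transaction(server, sender, recipient, body_lines):
    """Play the client side of one mail transaction; returns the (sent, reply) transcript."""
    transcript = [("<connect>", server.greet())]
    for cmd in ("EHLO client.example.test", f"MAIL FROM:<{sender}>", f"RCPT TO:<{recipient}>", "DATA"):
        transcript.append((cmd, server.handle(cmd)))
    for line in body_lines:                           # dot-stuff body lines that begin with "."
        server.handle("." + line if line.startswith(".") else line)
    transcript.append((".", server.handle(".")))
    transcript.append(("QUIT", server.handle("QUIT")))
    return transcript
```

Sending DATA before any RCPT TO, or MAIL FROM before the greeting, gets a 503 from the mock, which is the same out-of-sequence rejection a real MTA returns.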
SMTP's simplicity, ease of implementation, and ability to work across a variety of systems have made it the de facto protocol for email transmission. However, it's worth noting that SMTP is inherently insecure, as it transmits messages in plain text, making it vulnerable to eavesdropping. Therefore, it's often used with other protocols like SSL/TLS for encryption and SPF, DKIM, and DMARC for email authentication and integrity checks.
Remember that SMTP is primarily for sending email. For retrieving and storing received mail, other protocols like IMAP (Internet Message Access Protocol) or POP3 (Post Office Protocol version 3) are employed.