
SMTP (Simple Mail Transfer Protocol)

Overview

SMTP (Simple Mail Transfer Protocol) is a protocol used for sending and receiving email messages over the internet. It is a text-based protocol that operates on the application layer of the OSI model and is primarily used for sending emails from a client to a mail server or between mail servers.

SMTP is often combined with IMAP or POP3 protocols, which are used for retrieving and storing emails on a mail server.

SMTP Definitions

  • MTA (Mail Transfer Agent): A software application that transfers email messages from one computer to another using SMTP.
  • MUA (Mail User Agent): A software application that allows users to read and
  • MSA (Mail Submission Agent): A software application that accepts email messages from MUAs and forwards them to MTAs for delivery.
  • MDA (Mail Delivery Agent): A software application that delivers email messages to the recipient’s mailbox.
MUA -> MSA -> MTA -> MDA -> Recipient's Mailbox (POP3/IMAP for retrieval)

How SMTP Works

  • SMTP uses a client-server architecture, where the email client (sender) communicates with the mail server (receiver) to send email messages.
  • The client establishes a connection to the mail server using TCP (Transmission Control Protocol) on port 25 (or port 587 for secure connections).
  • The client sends a series of commands to the server, including the sender’s email address, recipient’s email address, and the message content.
    • The commands are:
      • HELO/EHLO: Initiates the conversation between the client and server.
      • MAIL FROM: Specifies the sender’s email address.
      • RCPT TO: Specifies the recipient’s email address.
      • DATA: Indicates that the message content will follow.
      • QUIT: Ends the session.

ESMTP Extensions

  • Most modern servers support Extended SMTP (ESMTP), which adds additional features and capabilities to the standard SMTP protocol.
  • ESMTP introduces new commands such as:
    • AUTH: Used for authentication of the client.
    • STARTTLS: Used to initiate a secure connection using TLS (Transport Layer Security).
    • SIZE: Allows the client to specify the size of the message being sent.
    • 8BITMIME: Allows the transmission of 8-bit data.
    • DSN: Provides delivery status notifications.
    • etc…

Default Configuration (Postfix)

  • Postfix is a popular open-source mail transfer agent (MTA) that implements the SMTP protocol.
  • Default configuration settings can typically be found at /etc/postfix/main.cf:
    $ cat /etc/postfix/main.cf | grep -v "#" | sed -r "/^\s*$/d"
    
    smtpd_banner = ESMTP Server 
    biff = no
    append_dot_mydomain = no
    readme_directory = no
    compatibility_level = 2
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    myhostname = mail1.inlanefreight.htb
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    smtp_generic_maps = hash:/etc/postfix/generic
    mydestination = $myhostname, localhost 
    masquerade_domains = $myhostname
    mynetworks = 127.0.0.0/8 10.129.0.0/16
    mailbox_size_limit = 0
    recipient_delimiter = +
    smtp_bind_address = 0.0.0.0
    inet_protocols = ipv4
    smtpd_helo_restrictions = reject_invalid_hostname
    home_mailbox = /home/postfix
    

(E)SMTP Commands

| Command    | Description                                                               |
|------------|---------------------------------------------------------------------------|
| AUTH PLAIN | AUTH is a service extension used to authenticate the client.              |
| HELO       | The client logs in with its computer name and thus starts the session.    |
| MAIL FROM  | The client names the email sender.                                        |
| RCPT TO    | The client names the email recipient.                                     |
| DATA       | The client initiates the transmission of the email.                       |
| RSET       | The client aborts the initiated transmission but keeps the connection.    |
| VRFY       | The client checks if a mailbox is available for message transfer.         |
| EXPN       | The client also checks if a mailbox is available for messaging.           |
| NOOP       | The client requests a response to prevent disconnection due to time-out.  |
| QUIT       | The client terminates the session.                                        |

Interacting with SMTP Servers

  • Tools like telnet or netcat can be used to manually interact with SMTP servers for testing and debugging purposes.
    $ telnet 10.129.14.128 25
    
    Trying 10.129.14.128...
    Connected to 10.129.14.128.
    Escape character is '^]'.
    220 ESMTP Server 
    
    
    HELO mail1.inlanefreight.htb
    
    250 mail1.inlanefreight.htb
    
    
    EHLO mail1
    
    250-mail1.inlanefreight.htb
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250-SMTPUTF8
    250 CHUNKING
    
  • A list of all SMTP response codes can be found here: https://serversmtp.com/smtp-error/
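
The EHLO reply in the session above can be checked mechanically. The following is an added example, not part of the original page: it parses a multi-line 250 reply and reports whether STARTTLS and AUTH are advertised. The function names parse_ehlo and audit are hypothetical; the sample reply is the one captured above.

```python
import re

# EHLO reply copied from the telnet session on this page.
SAMPLE_REPLY = """\
250-mail1.inlanefreight.htb
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
"""

LINE_RE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return (greeting_domain, {KEYWORD: [params]}) from a multi-line 250 reply."""
    lines = [l.rstrip("\r") for l in reply.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty reply")
    texts = []
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        texts.append(m.group(3))
    domain = texts[0].split()[0]
    extensions = {}
    for text in texts[1:]:
        keyword, *params = text.split()
        extensions[keyword.upper()] = params
    return domain, extensions

def audit(extensions):
    """List transport-security findings from the advertised extensions."""
    findings = []
    if "STARTTLS" not in extensions:
        findings.append("STARTTLS not advertised: session stays in cleartext")
    if "AUTH" in extensions and "STARTTLS" not in extensions:
        findings.append("AUTH offered without STARTTLS: credentials cross the wire unencrypted")
    return findings
```

For the reply captured above, audit reports one finding: the server does not advertise STARTTLS.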

Security Considerations

  • The sender of an email can easily spoof the “From” address, making it appear as if the email is coming from a different source. This is because SMTP does not have built-in mechanisms for verifying the authenticity of the sender. However, DKIM and SPF are two widely used methods to help mitigate this issue. ESMTP with STARTTLS can also help secure the transmission of emails.

DKIM (DomainKeys Identified Mail)

  • DKIM is an email authentication method that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain.
  • It uses a digital signature, which is added to the email header, to verify the authenticity of the message.

SPF (Sender Policy Framework)

  • SPF is an email authentication method that allows the owner of a domain to specify which mail servers are authorized to send email on behalf of that domain.
  • It helps to prevent email spoofing by allowing the receiver to check the SPF record of the sender’s domain.
  • SPF records are published in the DNS (Domain Name System) as TXT records.

Open Relay Attack