SMTPTester - Tool To Check Common Vulnerabilities In SMTP Servers

SMTPTester is a python3 tool to test SMTP server for 3 common vulnerabilities: Spoofing - The ability to send a mail on behalf of an internal user Relay - Using this SMTP server to send email to other address outside of the organization user enumeration - using the SMTP VRFY command to check if...

Zendesk: SMTP user enumeration via mail.zendesk.com

Several methods exist that can be used to ██████████ SMTP to enumerate valid usernames and addresses; namely VRFY, EXPN, and RCPT TO. mail.zendesk.com does not reply to EXPN or RCPT TO so we will concentrate on VRFY in this report. The VRFY command will request that the receiving SMTP server veri...

LocalTapiola: Abusing and Hacking the SMTP Server secure.lahitapiola.fi

Issue The reporter found one SMTP-server secure.lahitapiola.fi in the LocalTapiola network which had some issues. The SMTP server had some options turned on that could potentially lead to leaking information about email-addresses using the VRFY-command. The ETRN was also found to be - at least to...

smtp-enum-users NSE Script

Attempts to enumerate the users on a SMTP server by issuing the VRFY, EXPN or RCPT TO commands. The goal of this script is to discover all the user accounts in the remote system. The script will output the list of user names that were found. The script will stop querying the SMTP server if...

VRFY Command Information Disclosure

Binary data 2022.prm...

CVE-1999-0819

NTMail contains a vulnerability where the VRFY command is not disabled even when an administrator disables it. This can expose user verification handling to the network, with partial confidentiality impact as indicated in the CVSS metrics (Network access, low attack complexity, no authentication ...

CVE-1999-0819

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it...

CVE-1999-0819

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it...

slmail3.1.txt

Date: Thu, 4 Feb 1999 13:51:32 -0800 From: Marc To: [email protected] Subject: Multiple SLMail Vulnerabilities eEye Digital Security Team www.eEye.com [email protected] February 04, 1999 Multiple SLMail Vulnerabilities Systems Affected SLMail 3.1 Release Date February 04, 1999 Advisory...

Multiple Mail Server EXPN/VRFY Information Disclosure

The remote SMTP server answers to the EXPN and/or VRFY commands. The EXPN command can be used to find the delivery address of mail aliases, or even the full name of the recipients, and the VRFY command may be used to check the validity of an account. Your mailer should not allow remote users to u...

Ipswitch IMail / SLMail VRFY Command Remote Overflow

It was possible to crash the affected SMTP service by sending a VRFY command with a long argument. This attack is known to affect certain versions of Ipswitch IMail and Seattle Labs' SLMail, although products from other vendors may also be affected. An unauthenticated, remote attacker can leverag...

CVE-1999-0231

Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access...