# SMTP

Nmap script: [smtp-open-relay](https://nmap.org/nsedoc/scripts/smtp-open-relay.html)

`telnet <FQDM/IP> 25`

<table data-header-hidden><thead><tr><th width="193">Command</th><th>Description</th></tr></thead><tbody><tr><td><code>AUTH PLAIN</code></td><td>AUTH is a service extension used to authenticate the client.</td></tr><tr><td><code>HELO</code></td><td>The client logs in with its computer name and thus starts the session.</td></tr><tr><td><code>MAIL FROM</code></td><td>The client names the email sender.</td></tr><tr><td><code>RCPT TO</code></td><td>The client names the email recipient.</td></tr><tr><td><code>DATA</code></td><td>The client initiates the transmission of the email.</td></tr><tr><td><code>RSET</code></td><td>The client aborts the initiated transmission but keeps the connection between client and server.</td></tr><tr><td><code>VRFY</code></td><td>The client checks if a mailbox is available for message transfer.</td></tr><tr><td><code>EXPN</code></td><td>The client also checks if a mailbox is available for messaging with this command.</td></tr><tr><td><code>NOOP</code></td><td>The client requests a response from the server to prevent disconnection due to time-out.</td></tr><tr><td><code>QUIT</code></td><td>The client terminates the session.</td></tr></tbody></table>

## Tools

Metasploit (msfconsole) module: `scanner/smtp/smtp_enum`

[smtp-user-enum](https://www.kali.org/tools/smtp-user-enum/)