SMTP Relay: How to Test a Mail Server Relay
How to Test Mail Relay for Vulnerabilities: Learn the difference between SMTP Relay and Server, and use testing tools like Telnet, SMTP-CLI and MailSlurp.
It might be challenging to test a relay for the first time. You will discover in this article how to approach the process easily. Let's start by explaining the definitions of some terms you might encounter.
What is the Difference Between SMTP Relay and SMTP Server?
First, SMTP relay describes the process of sending emails to a specific SMTP server. Relaying takes place between the mail submission agent (MSA) and the mail delivery agent (MDA) when the sender and the recipient are on different domains (served by different SMTP servers).
As a result, an email sent within the same domain, without passing through a different server, does not count as an email relay. The term SMTP relay also frequently refers to the SMTP relay server itself, also called a mail transfer agent (MTA), so when testing an SMTP relay you must test the actual SMTP server that relays emails.
Open Relay Testing: What Is It?
An SMTP server that has been incorrectly configured and allows email to be forwarded by unauthorized parties is known as an open relay. Spammers can connect to the server and send emails using it while falsifying the message's sender information.
How do you perform the open relay test, then? Telnet to the server and use the MAIL FROM and RCPT TO commands to send an email to a different domain. If the server never asked for authentication and the final response code is 250, your server is an open relay.
Is Telnet the Only Way to Test SMTP Relay?
The most popular method for determining whether the mail server permits relaying for a specific domain is Telnet. Telnetting to your SMTP server will typically be sufficient to identify common connection problems.
With Telnet, however, you have to create authentication strings manually using a MIME tool. Telnet also has restrictions on SSL and TLS connections, offers no built-in SMTP commands or macros, and you should expect frequent server disconnections.
With that in mind, we decided to put Telnet away and introduce other ways to troubleshoot the SMTP relay.
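What the MIME tool produces for each AUTH mechanism, as an added example that is not from the original article: AUTH PLAIN and AUTH LOGIN are plain Base64 (reversible, so they need TLS underneath), while CRAM-MD5 answers the server's 334 challenge with an HMAC-MD5 digest. The function names are illustrative, and the sample user, secret and challenge are the ones from the RFC 2195 example.

```python
import base64
import hashlib
import hmac

def auth_plain(user, password):
    """Argument for 'AUTH PLAIN <arg>': base64 of <empty authzid> NUL user NUL password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def auth_login(user, password):
    """The two base64 replies sent after the 334 prompts of AUTH LOGIN."""
    return tuple(base64.b64encode(s.encode()).decode() for s in (user, password))

def cram_md5(user, password, challenge_b64):
    """Reply to the 334 challenge of AUTH CRAM-MD5 (RFC 2195)."""
    challenge = base64.b64decode(challenge_b64)
    # The password is the HMAC key; the decoded challenge is the message.
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

# Sample challenge taken from the RFC 2195 example (user "tim",
# shared secret "tanstaaftanstaaf"); the other credentials are made up.
RFC_CHALLENGE = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"

if __name__ == "__main__":
    print("AUTH PLAIN", auth_plain("test", "not-a-real-password"))
    print("AUTH LOGIN replies:", auth_login("test", "not-a-real-password"))
    print("CRAM-MD5 reply:", cram_md5("tim", "tanstaaftanstaaf", RFC_CHALLENGE))
```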
Testing SMTP Relay Server Connection
The SMTP-CLI is a good Telnet substitute. SMTP-CLI is an SMTP command line client that supports STARTTLS, SMTP-AUTH, and several other sophisticated features.
Installation
The GitHub releases page has links to the most recent version of SMTP-CLI. Alternatively, download it with wget and make it executable:
$ wget -O smtp https://github.com/mludvig/smtp-cli/releases/{LATEST_RELEASE}
$ chmod +x smtp
Ubuntu users also need to install the following packages:
$ sudo apt install libio-socket-ssl-perl libdigest-hmac-perl libterm-readkey-perl libmime-lite-perl libfile-libmagic-perl libio-socket-inet6-perl
SMTP relay test
Test localhost first: connect to the server and watch the basic SMTP exchange.
$ ./smtp --verbose --server localhost
[220] 'localhost ESMTP'
> EHLO localhost
[250] 'localhost'
[250] 'PIPELINING'
[250] 'SIZE 40960000'
[250] 'ETRN'
[250] '8BITMIME'
> QUIT
[221] 'Bye'
To test the relay, try sending an email through a server that requires authentication. This is how the SMTP session will appear:
$ ./smtp --verbose --host smtp.example.com:587 --enable-auth --user test --from test@example.com --to user@test.org --data message.txt
[220] 'smtp.example.com ESMTP'
> EHLO localhost
[250] 'smtp.example.com'
[250] 'PIPELINING'
[250] 'SIZE 10240000'
[250] 'VRFY'
[250] 'ETRN'
[250] 'AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5'
[250] 'AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5'
[250] 'XVERP'
[250] '8BITMIME'
AUTH method (PLAIN LOGIN DIGEST-MD5 CRAM-MD5): using CRAM-MD5
> AUTH CRAM-MD5
[334] 'sdfssfsdjkfskjfC4yNjAwOTYwQHNlcnZlci5kb21haW4udG9wPg=='
> dGVzdCBmOTUyY2RkM2VlODBiMzk1YjYsdfhsdfsodgdfs2ExZnJvb3Q=
[235] 'Authentication successful'
Authentication of test@localhost succeeded
> MAIL FROM: <test@example.com>
[250] 'Ok'
> RCPT TO: <user@test.org>
[250] 'Ok'
> DATA
[354] 'End data with <CR><LF>.<CR><LF>'
[250] 'Ok: queued as C5C3A299D7'
> QUIT
[221] 'Bye'
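The open relay rule from earlier (a recipient on a foreign domain accepted and the message queued with 250, with no authentication) can be applied mechanically to a saved transcript in the verbose format shown above. This is an added example, not part of smtp-cli or the original article; the function name relay_verdict, the verdict labels and the sample sessions are constructed for illustration.

```python
import re

REPLY = re.compile(r"^\[(\d{3})\]")                       # "[250] 'Ok'"
RCPT = re.compile(r"RCPT TO:\s*<[^@>]+@([^>]+)>", re.I)   # captures recipient domain

def relay_verdict(transcript, local_domains):
    """Return open-relay, authenticated-relay, relay-denied or no-relay-attempt."""
    local = {d.lower() for d in local_domains}
    authed = foreign_rcpt = denied = False
    cmd = ""
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            if cmd != "DATA":          # after DATA, "> ..." lines are message body
                cmd = line[1:].strip()
            continue
        reply = REPLY.match(line)
        if not reply:
            continue
        code = int(reply.group(1))
        rcpt = RCPT.match(cmd)
        if code == 235:                # AUTH succeeded earlier in the session
            authed = True
        elif rcpt and rcpt.group(1).lower() not in local:
            if code // 100 == 2:       # server accepted a foreign recipient
                foreign_rcpt = True
            else:
                denied = True
        elif cmd == "DATA" and foreign_rcpt and code != 354:
            if code // 100 == 2:       # message queued for the foreign recipient
                return "authenticated-relay" if authed else "open-relay"
            denied = True
    return "relay-denied" if denied else "no-relay-attempt"

# Constructed sample sessions (not captured from a real server).
HEAD = "[220] 'mx.example.com ESMTP'\n> EHLO localhost\n[250] 'mx.example.com'\n"
AUTH = "> AUTH PLAIN (credentials elided)\n[235] 'Authentication successful'\n"
MAIL = "> MAIL FROM: <test@example.com>\n[250] 'Ok'\n> RCPT TO: <user@test.org>\n"
SENT = "[250] 'Ok'\n> DATA\n[354] 'End data'\n[250] 'Ok: queued'\n> QUIT\n[221] 'Bye'\n"
DENY = "[554] '5.7.1 Relay access denied'\n> QUIT\n[221] 'Bye'\n"

if __name__ == "__main__":
    for name, session in [("no auth", HEAD + MAIL + SENT),
                          ("with auth", HEAD + AUTH + MAIL + SENT),
                          ("rejected", HEAD + MAIL + DENY)]:
        print(name, "->", relay_verdict(session, ["example.com"]))
```

The verdict is only meaningful for a session run from a host outside the server's trusted networks, since many servers relay without authentication for localhost or their own subnet by design.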
Using SMTP Server Connection Diagnostics Tool as an Alternative to Test A Relay
You can perform this test using the SMTP Server Connection Diagnostics Tool created by SocketLabs. It is more secure than telnet, supports open and SSL connections, and has built-in authentication.
You can test relaying without manually entering each command. The tool has a library of macros that makes the testing process easier.
You do not need to install the tool; just download and run it.
SMTP relay test
Step 1: Connect to the server
In the tool's left-hand corner, select Actions, then click Connect. Enter the server name and port for your SMTP server. Leave the LocalIp setting at its default, then click Connect.
Step 2: Test relaying
Utilize the integrated command macros to send emails from your SMTP server. The flow is the same as with telnet. The distinction is that you don't have to carry out every task manually.
Using Swaks to Test SMTP Setups
The Perl tool called Swaks is used to test SMTP configurations on the command line. It's a dinosaur tool; the first release was in 2003.
Installation
To install swaks on Ubuntu, run the following command:
apt-get install swaks
On macOS:
brew install swaks
SMTP relay test
Assume you have an SMTP server named smtp.example.com that permits relaying for duly authenticated users. To test this, do the following:
swaks --to external-user@yahoo.com --from=john@example.com --auth --auth-user=john --auth-password=hell-no --server smtp.example.com
This is how the conversation will look:
[250] smtp.example.com Hi remote.server.name [1.2.3.4]
[250] PIPELINING
[250] AUTH PLAIN CRAM-MD5
> AUTH CRAM-MD5
[334] PGQ4Zc129eriQHNreC54ZW4taG9zpiesZy5uZXQ+
> c3Rldsublimina20404NmJjswimM2M4M2VkM2IsmileMDg=
[235] Authentication successful for john - Authenticated john; relaying permitted
> MAIL FROM:<john@example.com>
[250] <john@example.com>, sender OK - how exciting to get mail from you!
> RCPT TO:<external-user@yahoo.com>
[250] <external-user@yahoo.com>, recipient ok
> DATA
[354] Send data
> Date: Sun, 05 Apr 2019 21:24:34 +0100
> To: external-user@yahoo.com
> From: john@example.com
> Subject: Test email
> X-Mailer: swaks v202384.0 jetmore.org/john/code/#swaks
>
> This is a test mailing
> .
[250] Queued!
> QUIT
[221] closing connection
=== Connection closed with remote host.
Using Web-based tools to test SMTP relay
You can also use online tools to test relays: enter your SMTP server information and press the button. DNS Exit offers one such tool for testing mail servers. MailSlurp is another great relay test tool.
Along with other email-related services, DNS Exit provides a variety of static and dynamic DNS services. Using their Mail Server Testing Tool, you can telnet to your SMTP server and attempt to deliver a message. If there are any configuration mistakes, the tool will let you know and offer suggestions on how to fix them.
Conclusion
By learning how to test SMTP relay server connections, you can quickly identify any problems you might be experiencing when connecting to your SMTP server. You might be dealing with issues like the SMTP server's inability to send messages, a communication restriction on the server, a broken server connection, and more.