SMTP Fun


Introduction: SMTP Fun

This instructable is about hacking and just messing around with SMTP servers in general. I will show you how to use nslookup to find out what your email provider's SMTP server is, how to telnet into it, and how to send mail from the server to yourself or other people.

Note: FUBAR stands for something along the lines of "F***** Up Beyond All Recognition".

Step 1: Getting the Names & Numbers

Ok, time for nslookup! Go to Start-->Run and type in: "cmd" and press enter. When the command prompt comes up, type in "nslookup", and then press enter. The command prompt should now have stuff written on the screen about your IP address, and about your ISP (Internet Service Provider). Now, type in:

set type=mx
(your email server here)

This should display your email provider's email servers.

Step 2: Finding the Right Address and Telneting In

From the last step, you can see a lot of different stuff that looks like gibberish to the untrained eye. But fear not, for I shall help you in this time of need! First, you only want to pay attention to the block of addresses at the top that are formatted in a table. Bring up the command prompt, and type in:

telnet (first address here) 25

If you get a response from the server saying something like:

220 mx.google.com ESMTP 31si4851324nfu

Then you are all set up to go to Step 3: Mail Time! If not, and you get something like this instead:

Connecting to google.com.....Could not open connection to the host, on port 25: Connect failed

Then you need to repeat this step with the next server down the list. If you have exhausted your list from nslookup and still had no luck, then there is probably a problem with your ISP, or the people on that email service don't allow inbound telnet connections. For example, I have been told that AOL users can't telnet, but I cannot test it because I don't have AOL.

Step 3: Mail Time!

As you can see in the pictures, I used these commands, in this order:
helo -- this preps the server for the mail address

mail from: -- This is who it sends from.

rcpt to: -- This is who it sends to.

data -- This tells it the following is the message

From: something here
To: something here
Subject: something else here
-- These three lines are some headers.

(message here) -- this is the message

. -- this tells the server end of data, send it now.

exit -- exit the connection

As you can see in the pictures, pressing backspace does not work very well. :(
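The session above has two layers: the envelope (mail from: / rcpt to:) and the headers typed after data, and nothing in SMTP forces them to agree. The following is an added example, not the author's code: it parses a constructed transcript of the client's lines and reports what a receiving filter could log. The function names and all addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed transcript of the client's lines; every address is made up.
SESSION = """\
helo client.example
mail from: <alice@sender.example>
rcpt to: <bob@recipient.example>
data
From: "Billing" <accounts@bank.example>
To: bob@recipient.example
Subject: hello

This is the message.
..a body line that really starts with one dot
.
quit
"""

def parse_session(text):
    """Split a client transcript into the envelope and the DATA payload."""
    env, data, in_data = {"mail_from": "", "rcpt_to": []}, [], False
    for line in text.splitlines():
        if in_data:
            if line == ".":                       # a lone dot ends DATA
                in_data = False
            else:                                 # undo dot-stuffing (RFC 5321 4.5.2)
                data.append(line[1:] if line.startswith(".") else line)
        elif line.lower().startswith("mail from:"):
            env["mail_from"] = parseaddr(line[10:])[1]
        elif line.lower().startswith("rcpt to:"):
            env["rcpt_to"].append(parseaddr(line[8:])[1])
        elif line.lower() == "data":
            in_data = True
    return env, message_from_string("\n".join(data) + "\n")

def review(text):
    """Return findings a receiving filter could log for this session."""
    env, msg = parse_session(text)
    findings = [f"no {h}: header in DATA" for h in ("From", "To", "Subject")
                if msg.get(h) is None]
    hdr_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    env_dom = env["mail_from"].rpartition("@")[2].lower()
    if hdr_dom and hdr_dom != env_dom:
        findings.append(f"From: domain {hdr_dom} differs from envelope domain {env_dom}")
    return findings

if __name__ == "__main__":
    print(review(SESSION))
```

A session whose data section starts straight with the message text yields the three "no ... header" findings, which is why such mail arrives with blank From, To and Subject fields.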

39 Comments

421 Cannot connect to SMTP server 65.55.37.120 (65.55.37.120:25), connect timeout

Connection to host lost.


/\ That's what keeps happening on lots of servers I try...

this is spoofing mail...technically not the most legal thing...but if the server doesn't have its relays turned off...then well...it's their fault. MOST public mail servers (gmail included) won't actually let you send mail from them via telnet....most of them have their relay permissions set correctly to only allow mail to be sent from specified locations (such as the server you connect to at gmail.com)....if the server doesn't recognize your IP address...it will reject the mail with "unable to forward for" kind of messages...or if you don't try to send FROM an actual email address in their system it will fail...etc......every once in a while you CAN in fact find a mail server that's not locked down...and you can send mail however you like...but this day and age...that's getting rare
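The relay restriction described in the comment above, sketched as an added example that is not part of the comment or of any mail server's code: the decision is made per recipient, so mail for the server's own domains is accepted from anyone while mail for other domains is relayed only for known clients. The domain, network range and function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed policy values; a real server reads these from its configuration.
LOCAL_DOMAINS = {"mail.example"}                        # domains delivered locally
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # the operator's own clients

def rcpt_decision(client_ip, rcpt, authenticated=False):
    """Decide at RCPT TO time, the way a correctly restricted server does."""
    domain = rcpt.rpartition("@")[2].lower()
    if domain in LOCAL_DOMAINS:
        return "accept: local delivery"          # inbound mail, any client may offer it
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return "accept: relay for known client"
    return "reject: relaying denied"

def is_open_relay(decide):
    """Self-audit: an unknown, unauthenticated client must not reach a foreign domain."""
    return decide("203.0.113.50", "someone@elsewhere.example").startswith("accept")

if __name__ == "__main__":
    print(rcpt_decision("203.0.113.50", "user@mail.example"))
    print(rcpt_decision("203.0.113.50", "someone@elsewhere.example"))
    print(is_open_relay(rcpt_decision))
```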

Ya. I used to do this all the time a few years back, but they started to pick up on the security. So far you can usually only do this stuff on third party websites.

What kind of websites can you still do this on?

Doesn't work for me... a little help? I attached what I typed and the result I got after I pressed the enter key. After I pressed the enter key, the telnet screen was blank for 15-20 seconds and then showed that error. -J


Use the mail exchange with the lowest number for preference. You used the 4th alternate, try the main one instead.

Thanks for the suggestion, I tried it but to no avail. Am I getting this because my server is my wireless router?

What do you mean by that?

In the first picture when I type "nslookup" I don't get my web provider's domain, I get my wireless router. I tried connecting to smtp.gmail.com and got a reply immediately though. However it told me I didn't have the right authentication. After testing some more later that night, I remembered I can use the "tracert" command to trace the IP address map all the way to a server. So I did:
tracert google.com
tracert yahoo.com
and looked at the similar addresses, the main ones happened to be from att.net. Then I went to this site: http://www.smtpinfo.com/smtp_servers.php and tried to use the mailhost.worldnet.att.net and I was able to send one (yay!) except I couldn't get the subject field, the from: field, or the To: field to be filled. Even though I had to specify the MAIL FROM: and the RCPT TO: before I could send it.

yeah.. gmail may have gotten better about unauthorized smtp. there are still others that allow it though.