Practical SMTP Testing Labs
The best way to learn SMTP penetration testing is through hands-on practice. This page provides a series of practical labs that you can set up to safely practice the techniques described in this guide.
Important: These labs should be conducted in isolated environments to avoid any unintended impact on production systems or the internet.
Setting Up a Lab Environment
Before starting the labs, you'll need to set up a suitable environment:
- Virtualization Platform - VirtualBox, VMware, or Hyper-V
- Network Isolation - Create a private virtual network
- Base Systems - Linux VMs for both attacking and target systems
- Testing Tools - Kali Linux or similar for the attacking system
Practice basic SMTP enumeration techniques including banner grabbing, VRFY/EXPN commands, and user enumeration. Learn how to identify SMTP servers and gather information about them.
Set up a deliberately misconfigured SMTP server and practice identifying and exploiting open relay vulnerabilities. Learn how to test for and verify open relay conditions.
Practice various techniques for testing SMTP authentication security, including brute force attacks, credential interception, and authentication bypass attempts.
Learn how to assess the security of SMTP TLS implementations, including protocol versions, cipher suites, certificate validation, and STARTTLS downgrade attacks.
Set up a vulnerable web application with email functionality and practice identifying and exploiting SMTP injection vulnerabilities to manipulate email content and recipients [^4].
Practice advanced SMTP smuggling techniques by setting up a multi-hop email delivery chain with parsing inconsistencies between servers [^5].
Learn how to test email authentication mechanisms including SPF, DKIM, and DMARC. Practice spoofing emails and understand how these protections work and can be bypassed.
Conduct a complete SMTP penetration test against a complex email infrastructure with multiple servers, security controls, and common misconfigurations. Practice the entire methodology from reconnaissance to reporting.
Learn the defensive side by setting up a secure SMTP server with proper configurations, authentication, encryption, and monitoring. Then test your configuration to verify its security.
Lab Setup Instructions
Each lab includes detailed setup instructions, but here's a general approach for creating an SMTP testing environment:
1. Basic Lab Network Setup
# Network Configuration Attacker VM (Kali Linux): 192.168.56.10 Target SMTP Server (Ubuntu): 192.168.56.20 Additional Mail Server (CentOS): 192.168.56.30 Client VM (Windows): 192.168.56.40 # All systems should be on an isolated virtual network # Ensure no connection to production networks or the internet
2. Installing a Basic SMTP Server
# On Ubuntu Server sudo apt update sudo apt install postfix # Choose "Internet Site" during installation # Set system mail name to "lab.local" # Basic configuration in /etc/postfix/main.cf myhostname = mail.lab.local mydomain = lab.local myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 127.0.0.0/8 192.168.56.0/24 # Restart Postfix sudo systemctl restart postfix
3. Creating Test Users
# On the SMTP server sudo adduser user1 sudo adduser user2 sudo adduser admin # Set simple passwords for lab purposes only # In a real environment, always use strong passwords
Lab Safety Guidelines
- Isolation - Ensure lab environments are completely isolated from production networks
- Legal Compliance - Even in labs, ensure all activities comply with relevant laws
- Documentation - Document all lab activities for learning purposes
- Responsible Testing - Practice responsible testing habits even in lab environments
- Data Protection - Don't use real personal data in lab environments
Learning Progression
We recommend completing the labs in order, as they build upon each other in terms of complexity and required skills:
- Start with the basic enumeration and open relay labs to understand fundamental SMTP concepts
- Progress to authentication and encryption testing to learn about security controls
- Move on to more advanced topics like SMTP injection and smuggling
- Complete the full penetration test lab to bring all the skills together
- Finish with the defensive configuration lab to understand both sides of SMTP security