Description

The SMTP (Simple Mail Transfer Protocol) HELO request is part of the SMTP protocol used for sending email messages. When a client (usually an email server) initiates a connection to another email server to deliver an email, the first step is the greeting phase. During this phase, the client sends a HELO (or EHLO) command to the receiving server.

It's important to note that some servers use the EHLO command instead of HELO. EHLO is an extended version of HELO and provides additional capabilities, such as supporting SMTP extensions like STARTTLS and authentication mechanisms. The usage of HELO or EHLO depends on the server's capabilities and the specific SMTP conversation between the client and server.

    Shelled@htb[/htb]$ telnet 10.129.211.225 25
    Trying 10.129.211.225...
    Connected to 10.129.211.225.
    Escape character is '^]'.
    220 WIN-02 ESMTP
    HELO x 
    250 Hello.
    

Definitions

• Do I need to send a HELO/EHLO request?

Description

The "EXPN" command was intended to be used to expand mailing lists. When an email server received an "EXPN" command, it would reveal the full list of email addresses belonging to a mailing list or alias. The idea was to allow senders to verify which email addresses were members of a specific list before sending a message.

Due to the security concerns and lack of use, modern SMTP servers have generally deprecated or disabled the "EXPN" command, and it's now considered an outdated and unsupported SMTP extension. If you encounter any references to "EXPN" in SMTP, it is essential to be aware of its history and lack of current support.

    Shelled@htb[/htb]$ telnet 10.10.110.20 25

    Trying 10.10.110.20...
    Connected to 10.10.110.20.
    Escape character is '^]'.
    220 parrot ESMTP Postfix (Debian/GNU)


    EXPN john

    250 2.1.0 john@inlanefreight.htb


    EXPN support-team

    250 2.0.0 carol@inlanefreight.htb
    250 2.1.5 elisa@inlanefreight.htb

Definitions

• What is a distribution list?
• What is the 250 code?
• What is the 220 code?

Description

The "VRFY" command is used to verify the existence of an email address on the receiving mail server. When an SMTP client issues the "VRFY" command followed by an email address, the server responds with information about the validity of that address.

The "VRFY" command is often disabled or restricted on modern SMTP servers due to security and privacy concerns. In the past, it was a common target for email address harvesting by spammers, who used it to gather valid email addresses. To prevent abuse and protect user privacy, many SMTP servers now either disable or limit the functionality of the "VRFY" command. As a result, the "VRFY" command is rarely used in practice today.

    Shelled@htb[/htb]$ telnet 10.10.110.20 25

    Trying 10.10.110.20...
    Connected to 10.10.110.20.
    Escape character is '^]'.
    220 parrot ESMTP Postfix (Debian/GNU)


    VRFY root

    252 2.0.0 root


    VRFY www-data

    252 2.0.0 www-data


    VRFY new-user

    550 5.1.1 <new-user>: Recipient address rejected: User unknown in local recipient table

Definitions

• What is the 550 code?
• What is the 252 code?
• What is the 220 code?

Description

The "RCPT TO" command is used to specify the email address of the recipient(s) (also known as the envelope recipient(s) or forward path). This command tells the receiving mail server who should receive the email. The "RCPT TO" command can be used multiple times to specify multiple recipients. Note that some mail servers may want the email to be encased in angle brackets: RCPT TO:<josh@shelled.io>

    Shelled@htb[/htb]$ telnet 10.10.110.20 25

    Trying 10.10.110.20...
    Connected to 10.10.110.20.
    Escape character is '^]'.
    220 parrot ESMTP Postfix (Debian/GNU)


    MAIL FROM:test@htb.com
    it is
    250 2.1.0 test@htb.com... Sender ok


    RCPT TO:julio

    550 5.1.1 julio... User unknown


    RCPT TO:kate

    550 5.1.1 kate... User unknown


    RCPT TO:john

    250 2.1.5 john... Recipient ok

Definitions

• What is the 550 code?
• What is the 250 code?
• What is the 220 code?
• What is the MAIL FROM: ?

Description

The SMTP (Simple Mail Transfer Protocol) command "NOOP" stands for "No Operation." It is a command used to perform a null operation, meaning it doesn't have any real functionality other than keeping the connection alive and checking if the server is still responding.

The primary purpose of the NOOP command is to serve as a kind of "ping" or "heartbeat" between the client (email server or client) and the server (email server) during an SMTP session. When a client sends the NOOP command, the server will respond with a success code (usually 250 OK) to indicate that it has received the command successfully.

Description

The SMTP (Simple Mail Transfer Protocol) command "QUIT" is used to terminate an SMTP session gracefully. When a client (email server or client) sends the QUIT command to the SMTP server, it indicates that the client has finished sending email messages and wants to close the connection.

    QUIT
    221 goodbye
    Connection closed by foreign host.