Skip to content

cfindlayisme/smtp-tester

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

smtp-tester

A mail security scanner that audits SMTP servers and domain mail configuration. Performs both passive DNS-based checks and active connection-based checks.

Install

go build -o smtp-tester .

Usage

# Scan a domain (passive DNS checks only)
smtp-tester --domain example.com

# Scan a domain with connection-based checks
smtp-tester --domain example.com --invasive

# Scan a specific host directly
smtp-tester --host 192.168.1.10 --invasive

# Custom port and timeout
smtp-tester --domain example.com --port 587 --timeout 15 --invasive

Flags

Flag Default Description
--domain Domain to scan (MX lookup + all DNS checks)
--host SMTP host IP/hostname to connect to directly
--port 25 SMTP port
--timeout 10 Connection timeout in seconds
--invasive false Enable connection-based checks

Checks

Passive (DNS-only, always run with --domain)

Check Description
MX Lookup Discovers mail servers, sorted by priority
SPF Parses v=spf1 record, evaluates policy strength (-all, ~all, +all)
DMARC Parses _dmarc TXT record, shows policy, subdomain policy, report addresses
DKIM Probes 25+ common selectors (google, selector1, k1, default, etc.)
Reverse DNS (PTR) Checks if PTR record matches forward hostname (FCrDNS)
DNSBL Checks 8 major blacklists (Spamhaus, SpamCop, Barracuda, SORBS, etc.)

Invasive (connection-based, requires --invasive)

Check Description
Banner Fingerprint Grabs 220 banner, identifies server software (Postfix, Exim, Exchange, etc.)
EHLO Extensions Parses AUTH methods, SIZE limit, PIPELINING, 8BITMIME, DSN, STARTTLS
STARTTLS + TLS Audit Tests STARTTLS negotiation, TLS version, cipher, certificate validation
Open Relay Tests if server relays mail for external addresses
Catch-All Detection Tests if server accepts mail for any address
User Enumeration VRFY then RCPT TO against a basic wordlist (25 common usernames)

Port Probe

Always runs — checks if the SMTP port is reachable before attempting connection checks. Reports latency, timeout, or refused status.

Project Structure

smtp-tester/
├── main.go              # CLI flags, orchestration
├── models/
│   └── models.go        # Finding, ScanSummary, BasicWordlist
├── output/
│   ├── colors.go        # ANSI color constants
│   └── display.go       # Banner, status functions, summary printer
└── checks/
    ├── spf.go           # SPF record check
    ├── dmarc.go         # DMARC record check
    ├── dkim.go          # DKIM selector probing
    ├── ptr.go           # Reverse DNS check
    ├── dnsbl.go         # Blacklist check
    ├── banner.go        # SMTP banner fingerprinting
    ├── extensions.go    # EHLO extensions parsing
    ├── tls.go           # STARTTLS + certificate audit
    ├── relay.go         # Open relay check
    ├── catchall.go      # Catch-all detection
    └── enumerate.go     # User enumeration (VRFY/RCPT TO)

Liability

None. Use responsibly at your own risk on systems you are authorized to test.

About

Mail security scanner — audits SPF, DKIM, DMARC, TLS, open relay, and user enumeration against SMTP servers

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages