Introduction
Mail servers are available in almost any organization because e-mail has taken over as the preferred communication channel for obvious reasons. The importance of the role of mail servers depends on the information stored in them. Attackers often compromise an e-mail account and proceed to take over all other accounts found using the forgot password functionality available in almost every web application. Sometimes, compromised accounts are simply eavesdropped for months without anyone noticing, and they may even be abused by spammers. Therefore, any good system administrator knows that it is essential to have a secure mail server.
In this chapter, I will go through different NSE tasks to administer and monitor mail servers. I will also show the offensive side available to penetration testers. We will cover the most popular mail protocols, such as SMTP, POP3, and IMAP.
We will review tasks such as retrieving capabilities, enumerating users, and even brute forcing passwords for...
