Detecting backdoor SMTP servers

Compromised servers might have rogue SMTP servers installed and abused by spammers. System administrators can use Nmap to help them monitor mail servers in their network.

This recipe shows how to detect rogue SMTP servers by using Nmap.

How to do it...

Open your terminal and enter the following Nmap command:

$ nmap -sV --script smtp-strangeport <target>

If a mail server is found on a non-standard port, it will be reported in the script output section:

PORT    STATE SERVICE  VERSION 
9999/tcp open  ssl/smtp Postfix smtpd 
|_smtp-strangeport: Mail server on unusual port: possible malware

How it works...

The script smtp-strangeport was submitted by Diman Todorov. It detects SMTP servers running on non-standard ports, which ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Nmap 6: Network Exploration and Security Auditing Cookbook by Paulino Calderon Pale

Detecting backdoor SMTP servers

How to do it...

How it works...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly