SMTP User Enumeration

SMTP (Simple Mail Transfer Protocol) is the TCP/IP protocol used to send e-mail messages between servers; it normally listens on TCP port 25. Nmap (Network Mapper) is the most popular port scanner and is designed to probe a server or host for open ports.

The following are the open ports that I identified on Open-xchange’s Sandbox domain (

Port Scanning Via Nmap

SMTP user enumeration can be performed automatically with Metasploit's smtp_enum module, which connects to a given mail server and uses a wordlist to enumerate the users present on the remote system.

SMTP User Enumeration Via Metasploit

This leakage can be avoided by disallowing the execution of the EXPN, VRFY and RCPT commands.
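As an added example (not code from the original post), the following Python script checks whether that mitigation has actually taken effect on a server you administer: it issues VRFY and EXPN for one account known to exist and one made-up account, then reports whether the reply codes still distinguish the two. The host name, account names and sample reply codes are assumptions constructed for the example.

```python
"""Verify that a mail server no longer reveals account existence via VRFY/EXPN.
Added example; the host, accounts and sample reply codes are constructed."""
import smtplib
from typing import Dict

# Reply codes per RFC 5321: 250/251 confirm an address, 550/551/553 reject it,
# 252 means "cannot verify", 500/502/503 mean the command is unsupported or disabled.
CONFIRMS = {250, 251}
REJECTS = {550, 551, 553}
NON_COMMITTAL = {252, 500, 502, 503}


def classify_reply(code: int) -> str:
    """Map a 3-digit SMTP reply code to how much it tells a prober."""
    if code in CONFIRMS:
        return "confirms"
    if code in REJECTS:
        return "rejects"
    if code in NON_COMMITTAL:
        return "noncommittal"
    return "other"


def assess(replies: Dict[str, int]) -> Dict[str, str]:
    """replies maps a probe command ("VRFY root") to its reply code.
    Per command verb: 'leaks' if some probes were confirmed and others rejected
    (existence is distinguishable), 'hardened' if every reply was non-committal,
    otherwise 'inconclusive' (e.g. the server answers 250 to everything)."""
    by_verb: Dict[str, set] = {}
    for cmd, code in replies.items():
        verb = cmd.split()[0].upper()
        by_verb.setdefault(verb, set()).add(classify_reply(code))
    verdicts = {}
    for verb, kinds in by_verb.items():
        if "confirms" in kinds and "rejects" in kinds:
            verdicts[verb] = "leaks"
        elif kinds <= {"noncommittal"}:
            verdicts[verb] = "hardened"
        else:
            verdicts[verb] = "inconclusive"
    return verdicts


def probe_server(host: str, known_user: str, bogus_user: str, port: int = 25) -> Dict[str, int]:
    """Collect VRFY/EXPN reply codes from a server you run (assumed host/accounts)."""
    cmds = [f"VRFY {known_user}", f"VRFY {bogus_user}",
            f"EXPN {known_user}", f"EXPN {bogus_user}"]
    replies: Dict[str, int] = {}
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo_or_helo_if_needed()
        for cmd in cmds:
            code, _ = smtp.docmd(cmd)   # returns (reply code, message)
            replies[cmd] = code
    return replies


if __name__ == "__main__":
    # Assumed values: replace with your own server and a real/bogus local account.
    print(assess(probe_server("mail.example.test", "postmaster", "zz-not-a-user")))
```

A verdict of "leaks" for a verb means the post's mitigation has not been applied to that command on the server tested.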

After I reported this issue, Open-xchange resolved the vulnerability and rewarded me with a bounty; it was my first bug bounty :)

Self-learner |Bug Hunter|
