SMTP User Enumeration

Akash c
2 min readJul 31, 2017


SMTP stands for Simple Mail Transfer Protocol is a TCP/IP protocol for sending E-mail messages between servers.SMTP usually is implemented to operate over Internet port 25. Nmap (Network Mapper) is the most popular port scanner which is designed to probe a server or host for open ports.

The following are the open ports that I identified on Open-xchange’s Sandbox domain (

Port Scanning Via Nmap

The SMTP user enumeration can be performed automatically via Metasploit, smtp_enum module will connect to a given mail server and use a wordlist to enumerate users that are present on the remote system.

SMTP User Enumeration Via Metasploit

This leakage can be avoided by disallowing the execution of the commands EXPN,VRFY and RCPT.

After reporting this issue, Open-xchange resolved the vulnerability and rewarded me the bounty and it was my first bug bounty :)