-1

I am looking at SMTP and POP3 and am trying to find the security issues with both protocols. I have found that SMTP can be easily impersonated on port 25. However, I am struggling to find security issues, only standard issues like internet connection etc.

Can anyone help me find security issues with both protocols or point me in a good direction to research?

Andrew Schulman

1 Answer

1

It's not really clear what you're aiming at, but the most obvious security problems are probably:

  • no inherent encryption: Unencrypted connections can not only expose mail content but also username and password combinations. For best practice, all SMTP, POP3, IMAP connections should be encrypted using STARTTLS (or implicit SSL/TLS).
  • legacy SMTP provides no authentication: Configuring your server to accept and transport any message without authentication effectively makes it an open relay, prone to blocking because of spammer abuse. You should always distinguish between the user message submission role (requiring authentication with ESMTP) and the MX role (accepting messages to internal recipients only).
Zac67