CS615A -- Aspects of System Administration - SMTP Exercise
Exercise: Observe SMTP Traffic
Plain text SMTP
Create an EC2 instance and send an email from it to yourself. Capture all related network traffic via tcpdump(8) and analyze the output.
Compare the results of two different iterations:
Identify in your tcpdump(8) output all related traffic, including any relevant DNS lookups. Verify that you can observe the content of the email from the network traffic capture.
SMTP + STARTTLS
Repeat the previous exercise, but this time use openssl(1)'s s_client command with -starttls smtp, which issues the STARTTLS command for you and upgrades the session to TLS, thus encrypting the communications in transit.
Verify that you can no longer observe the contents of the email from the network traffic capture.
What happens if you change your system's trust bundle to remove the CA certs used by the remote SMTP server? Does your mail still get delivered?
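The capture-and-send procedure above, written out as a shell script. This is an added example for this page, not code from the course: it records port 25 and port 53 traffic with tcpdump(8), sends one SMTP transaction either in the clear through nc(1) or inside STARTTLS through openssl s_client, and then searches the ASCII rendering of the capture for a marker string taken from the message body. The MX name, the addresses, the capture file and the trust-bundle path are placeholder assumptions that can be overridden through environment variables; tcpdump's -i any is Linux-only.

```shell
#!/bin/sh
# Added example for the capture exercises; it is not part of the course page.
# Hostnames, addresses and the trust-bundle path are placeholders (assumptions)
# that can be overridden through the environment. Nothing touches the network
# unless the script is invoked as:
#   sudo sh smtp_capture.sh plain       # cleartext SMTP through nc(1)
#   sudo sh smtp_capture.sh starttls    # the same transaction inside STARTTLS
set -eu

MX="${MX:-mx.example.net}"                  # assumed MX for $RCPT; find the real one with: dig +short MX example.com
SENDER="${SENDER:-student@ec2.example.org}"
RCPT="${RCPT:-you@example.com}"
MARKER="${MARKER:-CS615A-marker-$$}"        # unique string to search for in the capture
PCAP="${PCAP:-smtp.pcap}"
CAFILE="${CAFILE:-/etc/ssl/certs/ca-certificates.crt}"   # Debian/Ubuntu system trust bundle

# Emit one CRLF-terminated SMTP transaction. The envelope (MAIL FROM / RCPT TO)
# and the From:/To: header lines inside DATA are passed separately: the server
# acts on the envelope and need not check that the headers agree with it.
smtp_transaction() {        # env_from env_to hdr_from hdr_to body_text
    printf 'EHLO %s\r\n' "$(hostname 2>/dev/null || echo localhost)"
    printf 'MAIL FROM:<%s>\r\n' "$1"
    printf 'RCPT TO:<%s>\r\n' "$2"
    printf 'DATA\r\n'
    printf 'From: <%s>\r\nTo: <%s>\r\nSubject: CS615A SMTP exercise\r\n\r\n' "$3" "$4"
    printf '%s\r\n.\r\n' "$5"
    printf 'QUIT\r\n'
}

# SMTP is lock-step: pace the lines so a server that does not advertise
# PIPELINING sees one command per round trip. read -r keeps the \r on the
# line and printf re-adds the \n.
paced() { while IFS= read -r line; do printf '%s\n' "$line"; sleep 1; done; }

# Exit 0 if the marker appears in the ASCII rendering of a capture
# (the output of tcpdump -A, read from stdin).
leaks_marker() { grep -q -- "$1"; }

send_plain() {
    smtp_transaction "$SENDER" "$RCPT" "$SENDER" "$RCPT" "marker: $MARKER" | paced | nc "$MX" 25
}

# s_client performs its own EHLO and STARTTLS; once the tunnel is up the SMTP
# session starts over, so our transaction begins with a fresh EHLO inside TLS.
# -CAfile selects the trust bundle; -verify_return_error aborts on a failed
# chain validation instead of printing "verify error" and carrying on, which
# is the behaviour to compare when you remove the server's CA from the bundle.
send_starttls() {
    smtp_transaction "$SENDER" "$RCPT" "$SENDER" "$RCPT" "marker: $MARKER" | paced |
        openssl s_client -starttls smtp -connect "$MX:25" \
            -CAfile "$CAFILE" -verify_return_error -quiet -ign_eof
}

run_exercise() {            # plain | starttls
    tcpdump -i any -w "$PCAP" 'port 25 or port 53' &   # -i any is Linux-specific
    sleep 2                                            # let tcpdump attach
    dig +short MX "${RCPT#*@}" >/dev/null              # this DNS lookup should appear in the capture
    case "$1" in
        plain)    send_plain ;;
        starttls) send_starttls ;;
    esac
    sleep 2; kill $!; wait $! 2>/dev/null || true
    if tcpdump -A -r "$PCAP" 2>/dev/null | leaks_marker "$MARKER"; then
        echo "marker '$MARKER' is readable in $PCAP: the message crossed the wire in the clear"
    else
        echo "marker '$MARKER' not found in $PCAP"
    fi
}

case "${1:-}" in
    plain|starttls) run_exercise "$1" ;;
esac
```

Run it once with `plain` and once with `starttls` and compare the two captures: the first contains the whole transaction, the second only the cleartext prefix (banner, EHLO, the STARTTLS command and reply) followed by TLS records. To answer the trust-bundle question, point CAFILE at a copy of the bundle with the server's CA removed: with -verify_return_error the handshake is aborted and nothing is sent, whereas s_client without that flag merely reports the verify error and continues, so note which of the two behaviours your own mail software exhibits.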
Try to fake some headers
Probe the remote mail server to see what kind of emails it allows, and what it forbids.
Try changing the envelope sender and recipient (the MAIL FROM and RCPT TO commands), then the From: and To: header lines inside the message itself (which the server does not have to match against the envelope), try to relay through the mail server to an address in a domain it is not responsible for, try to impersonate another account, etc. -- what defenses can you identify?
Repeat with different mail servers (e.g., Google, Yahoo, Office 365, Protonmail, ...) -- do they differ in their behavior?
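An analysis helper for the probing exercise, added here as an example and not part of the course page. Feed it the server's side of each probe session (for instance the output of nc(1) or of openssl s_client -quiet, saved with tee(1), one file per probe): it collapses multi-line replies the way RFC 5321 section 4.2.1 defines them, then reports whether the message was accepted after DATA or which 5xx reply stopped the transaction, so the same set of probes can be tabulated across providers. The file names and the reply texts in the comments and usage note are constructed illustrations, not captures from any particular server.

```shell
#!/bin/sh
# Added example for the header-probing exercise; not part of the course page.
# Usage: sh smtp_probe_results.sh probe-relay.txt probe-envelope.txt ...
# where each file holds the server replies of one probe session (assumed
# file names; save them with: ... | nc mx.example.net 25 | tee probe-relay.txt)
set -eu

# Collapse multi-line SMTP replies (RFC 5321, 4.2.1): continuation lines carry
# '-' after the three-digit code, the final line a space. Output is one line
# per reply, "CODE text-of-first-line", with CRLF stripped.
collapse_replies() {
    tr -d '\r' | awk '
        /^[0-9][0-9][0-9]-/ {
            if (!open) { code = substr($0, 1, 3); text = substr($0, 5); open = 1 }
            next
        }
        /^[0-9][0-9][0-9] / {
            if (!open) { code = substr($0, 1, 3); text = substr($0, 5) }
            print code " " text
            open = 0
        }
    '
}

# Classify one collapsed reply stream. The first 5xx is the defense that fired
# (its text usually names the stage, e.g. a relay refusal at RCPT TO); a 250
# after the 354 "start mail input" reply means the server accepted the message
# for delivery, whatever we put into the headers.
verdict() {
    awk '
        $1 ~ /^5/              { print "REJECTED " $0; done = 1; exit }
        $1 == "354"            { in_data = 1; next }
        in_data && $1 == "250" { print "ACCEPTED " $0; done = 1; exit }
        END                    { if (!done) print "INCOMPLETE (no 5xx and no 250 after DATA)" }
    '
}

# Run the whole pipeline over one saved transcript file.
probe_result() {            # file
    collapse_replies < "$1" | verdict
}

# Summarise several probes (one transcript per probe) as a table, so the same
# set of files from different providers can be compared side by side.
summarize() {               # file...
    for f in "$@"; do
        printf '%-28s %s\n' "$(basename "$f")" "$(probe_result "$f")"
    done
}

if [ $# -gt 0 ]; then
    summarize "$@"
fi
```

A useful set of probes to save and compare: RCPT TO an address in a domain the server is not MX for (a relay attempt, typically refused at RCPT TO with a 5xx such as "554 5.7.1 ... Relay access denied"), MAIL FROM an address at a domain you do not control, and a From: header that disagrees with the envelope sender. Whether a probe shows up as REJECTED or ACCEPTED tells you only what the receiving MTA checked during the SMTP dialogue; a message that is ACCEPTED here can still be discarded or quarantined later by SPF, DKIM and DMARC evaluation, which is why you should also look at what actually lands in the mailbox.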