CS615A -- Aspects of System Administration - SMTP Exercise

Exercise: Observe SMTP Traffic

Plain text SMTP

Create an EC2 instance and send an email from it to yourself. Capture all related network traffic via tcpdump(8) and analyze the output.

Compare the results of two different iterations:

  • use the mail(1) utility
  • use telnet(1) to manually issue the SMTP commands

Identify in your tcpdump(8) output all related traffic, including any relevant DNS lookups. Verify that you can observe the content of the email from the network traffic capture.

STARTTLS

Repeat the previous exercise, but this time use openssl(1)'s s_client command to issue a STARTTLS command and thus encrypt the communications in transit.

Verify that you can no longer observe the contents of the email from the network traffic capture.

What happens if you change your system's trust bundle to remove the CA certs used by the remote SMTP server? Will your mail still be delivered?
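As an added example (not part of the course material), a small Python parser for the client half of a captured SMTP stream, as reassembled from the tcpdump(8) output: it lists the commands visible in the clear, separates the envelope sender and recipient from the message's own From:/To: headers, recovers the body when DATA went over plaintext, and stops at STARTTLS because everything after it is TLS records. The two sample streams are constructed, with the host and addresses under example.test as placeholders.

```python
import itertools
import re

SMTP_VERBS = ("EHLO", "HELO", "STARTTLS", "AUTH", "MAIL FROM", "RCPT TO", "DATA", "QUIT")

# Constructed sample: the client side of a telnet(1) session that sends mail in the clear.
# The envelope sender (MAIL FROM) and the message's From: header differ on purpose.
PLAINTEXT_STREAM = (
    b"EHLO lab.example.test\r\nMAIL FROM:<student@example.test>\r\n"
    b"RCPT TO:<student@example.test>\r\nDATA\r\n"
    b"From: someone-else@example.test\r\nTo: student@example.test\r\n"
    b"Subject: CS615A SMTP exercise\r\n\r\nhello in cleartext\r\n.\r\nQUIT\r\n"
)

# Constructed sample: the same client via openssl s_client -starttls smtp. After the
# STARTTLS command the bytes on the wire are a TLS record (ClientHello), not SMTP text.
STARTTLS_STREAM = b"EHLO lab.example.test\r\nSTARTTLS\r\n\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"


def analyze_smtp_stream(payload: bytes) -> dict:
    """Report what an eavesdropper learns from the client->server half of one SMTP stream."""
    report = {"commands": [], "starttls": False, "envelope": {"from": None, "to": []},
              "headers": {}, "body": None}
    lines = iter(payload.decode("utf-8", errors="replace").split("\r\n"))
    for line in lines:
        verb = next((v for v in SMTP_VERBS if line.upper().startswith(v)), None)
        if verb is None:
            continue
        report["commands"].append(verb)
        if verb == "STARTTLS":
            report["starttls"] = True
            break  # everything after this is ciphertext; nothing more to read
        if verb in ("MAIL FROM", "RCPT TO"):
            m = re.search(r"<([^>]*)>", line)
            addr = m.group(1) if m else line.partition(":")[2].strip()
            if verb == "MAIL FROM":
                report["envelope"]["from"] = addr
            else:
                report["envelope"]["to"].append(addr)
        if verb == "DATA":
            # Message text runs until a line holding only "."; headers end at the first blank line.
            msg = list(itertools.takewhile(lambda ln: ln != ".", lines))
            sep = msg.index("") if "" in msg else len(msg)
            for header in msg[:sep]:
                name, _, value = header.partition(":")
                report["headers"][name.strip()] = value.strip()
            report["body"] = "\r\n".join(msg[sep + 1:])
    return report
```

Run it over the plaintext sample and the whole message, envelope and all, is recoverable; over the STARTTLS sample only the EHLO and STARTTLS commands are visible.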

Try to fake some headers

Probe the remote mail server to see what kind of emails it allows, and what it forbids.

Try to change the envelope sender and recipient (the Envelope-From and To), the regular From header in the message, try to relay through the mail server, try to impersonate another account, etc. -- what defenses can you identify?

Repeat with different mail servers (e.g., Google, Yahoo, Office 365, Protonmail, ...) -- do they differ in their behavior?
