Real-Time Hardening Diagnostics
Audit your mail server's security posture in real-time. We execute a live, automated sequence of SMTP commands to detect version leakage, expose plaintext authentication risks, and ensure dangerous reconnaissance commands like VRFY and EXPN are strictly blocked by your infrastructure.
An improperly hardened SMTP server leaks version information, allows hackers to enumerate active email accounts (via VRFY/EXPN commands), and may allow plaintext authentication. Run our automated security audit to map these vulnerabilities.
Most administrators set up their mail servers to "just work" without properly hardening them. This leaves the server open to reconnaissance attacks and credential sniffing.
Postfix 2.10.1 or Microsoft Exchange 2016, hackers can immediately look up known exploits for that exact version. We check if your banner is properly obfuscated.VRFY command allows anyone to ask the server "Does this email exist?". Spammers use this to harvest valid email addresses. We test if your server correctly disables this dangerous command.EXPN command can be used to reveal every member of a mailing list. We ensure your server rejects this command to protect user privacy.AUTH LOGIN before a TLS connection is established, it's inviting users to send their passwords in cleartext. We audit your pre-TLS capabilities.main.cf or Exchange settings.Your feedback has been submitted successfully. We appreciate your help in improving our tools.