Open SMTP (Email) Servers on Your Network

(Last Updated On: June 8, 2021)

Do you know if you have open SMTP servers on your network? In May, Qualys released 21 vulnerabilities to Exim (see Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim). Exim is a popular Mail Transfer Agent (MTA) available on Unix operating systems and comes pre-installed on Linux distributions. The easy access and wide SMTP/Exim MTAs use have consequences. Your network can have open and vulnerable SMTP/Exim MTAs on your network, vulnerable, and open to exploit. Qualys pointed out that 10 of the disclosed vulnerabilities are remote exploitable along with a POC video on how it works (see 21Nails: Multiple Critical Vulnerabilities in Exim Mail Server).

It is a race … who can find these exposed servers first — the miscreants or the people trying to protect the organization?

Don’t go rushing off to buy a “scanning solution!” Shadowserver’s public benefit daily network reports have extended their SMTP report to include all the 21 Nails vulnerabilities. Shadowserver’s 2021–05–18 scan uncovered 317,848 Open SMTP servers with distinct IPs that are likely vulnerable based on the connected banner identification. The illustration demonstrates the risk per country. Is your network on that list?

Details about the format of the news reports being shared can be found in the Vulnerable SMTP report page and Accessible SMTP Report page. All existing Shadowserver report subscribers are now automatically receiving the Vulnerable SMTP report if any potentially vulnerable SMTP (currently Exim only) services are identified within their networks and countries (for national CSIRTs). If you are an existing subscriber and would like to receive the optional Accessible SMTP Report please send us a request via Shadowserver’s contact page.

If you are not already a subscriber to Shadowserver’s public benefit daily network reports and would like to receive this new report and our other existing report types (covering not just other scan results, but observations from sinkholes, honeypots, darknets, sandboxes, blocklists, and other sources), then please sign up to Shadowserver’s free daily public benefit network remediation feed service.

Originally published at on June 9, 2021.




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

July 6th Update - AMA, Testnet, Audit, and more

Introduction to Application Security: The What, Why, and How

Data Privacy: The Importance of Owning Our Own Identity

Security Engineering Management — a reading list (2 of 6)

Ethernet switch

“The Intelligence Handbook” Notes

Data Breach Troubles? 4 Steps You Should Take After One

Best SSO Provider: Why LoginRadius Is Considered As The Best SSO Solution

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Barry Greene

Barry Greene

More from Medium

More than just a P2E game — Two features that make Kingdom Raids stand out

Kingdom Raids- an P2E NFTs game offers an intriguing gameplay with mobile version

Drone on Power

⚡ HeyForm Weekly 2021.12.1

How to buy VITOGE with VITE on ViteX ?