SMTP

Section: [SMTP]

SMTP.Server: list

Each server entry is mapped to an instance of smtp.SMTPServerConfig

Represents a list of SMTP server configuration sections. For guidance on defining section lists, refer to the general configuration documentation Array Tables of TOML.

Any attribute marked below can also be defined in the [SMTP] section to apply a default value to all server entries.

Server.Port: int

Linked to smtp.SMTPServerConfig.smtp_port

Defines the port used by the SMTP server instance. This option is mandatory.

Important

This value must be specified within a [[SMTP.Server]] section.

Server.FQDN: str = "DEMENTOR"

Linked to smtp.SMTPServerConfig.smtp_fqdn. Can also be set in [SMTP]

Specifies the Fully Qualified Domain Name (FQDN) hostname used by the SMTP server. The hostname portion of the FQDN will be included in server responses. The domain part is optional.

Server.Ident: str = "Dementor 1.0"

Linked to smtp.SMTPServerConfig.smtp_ident. Can also be set in [SMTP]

Defines the SMTP server banner (typically identifier and version) sent to clients. This value may influence detection; some antivirus and EDR solutions inspect banners for known patterns.

Server.AuthMechanisms: list[str] = [ "NTLM", "PLAIN", "LOGIN" ]

Linked to smtp.SMTPServerConfig.smtp_auth_mechanisms. Can also be set in [SMTP]

Lists the supported SMTP authentication mechanisms. Currently implemented options:

  • LOGIN: Base64-encoded challenge-based login (via aiosmtpd).

  • PLAIN: Sends credentials in cleartext (via aiosmtpd).

  • NTLM: Implements NTLM authentication per [MS-SMTPNTLM]

You may remove LOGIN and PLAIN to force NTLM. For downgrade attacks, see SMTP.Server.Downgrade.

Server.Downgrade: bool = true

Linked to smtp.SMTPServerConfig.smtp_downgrade. Can also be set in [SMTP]

Attempts to downgrade authentication from NTLM to weaker methods like LOGIN. This is only effective if the client is configured to permit plaintext authentication. See SMTP/IMAP/POP3 Downgrade for practical usage.

Server.TLS: bool = false

Linked to smtp.SMTPServerConfig.smtp_tls. Can also be set in [SMTP]

Enables SSL/TLS support using a custom certificate.

Server.Cert: str

Linked to smtp.SMTPServerConfig.smtp_tls_cert. Can also be set in [SMTP] or [Globals]

Specifies the path to the certificate used when TLS is enabled.

Server.Key: str

Linked to smtp.SMTPServerConfig.smtp_tls_key. Can also be set in [SMTP] or [Globals]

Specifies the private key file corresponding to the certificate used for TLS.

Server.RequireSTARTTLS: bool = false

Linked to smtp.SMTPServerConfig.smtp_require_starttls. Can also be set in [SMTP]

Enforces STARTTLS negotiation before any SMTP commands are accepted.

Server.RequireAUTH: bool = false

Linked to smtp.SMTPServerConfig.smtp_require_auth. Can also be set in [SMTP]

Requires SMTP authentication before the client is permitted to send mail.

Python Config

class smtp.SMTPServerConfig

Represents the configuration for a single SMTP server instance.

smtp_port: int

Corresponds to SMTP.Server.Port

smtp_tls: bool = False

Corresponds to SMTP.Server.TLS.

smtp_fqdn: str = "DEMENTOR"

Corresponds to SMTP.Server.FQDN.

Note

The format used to describe the FWDN hostname incorporates an optional FWDN specification: For instance, using the domain CONTOSO.LOCAL and hostname EXAMPLE, the resulting string would be EXAMPLE.CONTOSO.LOCAL. However, the domain is purely optional and won’t be used if not present.

smtp_ident: str = "Dementor 1.0dev0"

Corresponds to SMTP.Server.Ident.

smtp_downgrade: bool = False

Corresponds to SMTP.Server.Downgrade.

smtp_auth_mechanisms: list[str] = []

Corresponds to SMTP.Server.AuthMechanisms.

Default auth mechanisms returned by a SMTP server
$ nc 127.0.0.1 25
220 DEMENTOR Dementor 1.0
EHLO foobar
250-DEMENTOR
250-SIZE 33554432
250-8BITMIME
250-SMTPUTF8
250-AUTH LOGIN NTLM PLAIN login ntlm plain
250 HELP
smtp_require_auth: bool = False

Corresponds to SMTP.Server.RequireAUTH.

smtp_require_starttls: bool = False

Corresponds to SMTP.Server.RequireSTARTTLS.

smtp_tls_cert: str

Corresponds to SMTP.Server.Cert.

smtp_tls_key: str

Corresponds to SMTP.Server.Key.

Default Configuration

SMTP configuration section (default values)
 1[SMTP]
 2# Global settings for all SMTP servers
 3AuthMechanisms = [ "NTLM", "PLAIN", "LOGIN" ]
 4FQDN = "DEMENTOR"
 5Ident = "Dementor 1.0"
 6RequireAUTH = false
 7Downgrade = true
 8RequireSTARTTLS = false
 9
10# three servers are active by default
11[[SMTP.Server]]
12Port = 25
13
14[[SMTP.Server]]
15Port = 465
16
17[[SMTP.Server]]
18Port = 587