312-50V11 · Question #606
An NMAP scan of a server shows port 25 is open. What risk could this pose?
The correct answer is D. Active mail relay. Port 25 is the standard SMTP port, and an open, unauthenticated SMTP service can function as an open mail relay that attackers exploit for spam or phishing campaigns.
Question
An NMAP scan of a server shows port 25 is open. What risk could this pose?
Options
- AOpen printer sharing
- BWeb portal data leak
- CClear text authentication
- DActive mail relay
How the community answered
(32 responses)- B3% (1)
- C3% (1)
- D94% (30)
Why each option
Port 25 is the standard SMTP port, and an open, unauthenticated SMTP service can function as an open mail relay that attackers exploit for spam or phishing campaigns.
Printer sharing uses ports 515 (LPD), 9100, or 631 (IPP) and is unrelated to port 25, which is exclusively associated with SMTP email traffic.
Web portal data leaks are associated with HTTP (port 80) or HTTPS (port 443), not port 25, which handles email routing rather than web content delivery.
While SMTP can transmit credentials in cleartext, the primary and most significant risk of an open port 25 is unsecured mail relay abuse, not credential interception, which is the more defining risk for this service.
Port 25 is assigned to SMTP (Simple Mail Transfer Protocol), the protocol used for email transmission between servers, and an improperly configured SMTP service can act as an open relay - allowing any external party to route email through the server without authentication. Open relays are actively exploited by attackers and spammers to send bulk or malicious email while hiding the true source. This represents a significant security and reputational risk for the organization.
Concept tested: SMTP port 25 open relay security implications
Source: https://datatracker.ietf.org/doc/html/rfc5321
Topics
Community Discussion
No community discussion yet for this question.