SMTP Server

How to use goshs as an SMTP server

goshs includes a lightweight SMTP server that receives and logs incoming emails including attachments. This is useful in penetration testing and CTF scenarios where you want to capture emails triggered by password resets, alert mechanisms, or other server-side email functionality.

Starting the SMTP server

goshs -smtp

This starts an SMTP listener on port 2525 (default).

SMTP server options

Collaboration options:
  -smtp, --smtp-server         Enable SMTP server                  (default: false)
  -smtp-port, --smtp-port      SMTP server port                    (default: 2525)
  -smtp-domain, --smtp-domain  SMTP server domain                  (default: open relay)

Setting the domain

Without -smtp-domain the server acts as an open relay and accepts mail for any recipient. Set a domain to restrict accepted mail to a specific domain only:

goshs -smtp -smtp-domain mail.example.com

Changing the port

Standard SMTP uses port 25 (privileged). Use -smtp-port to bind to an unprivileged port:

goshs -smtp -smtp-port 25

What gets logged

For every received email goshs logs:

• Sender (From)
• Recipients (To, CC, BCC)
• Subject
• Plain-text and HTML body
• Number of attachments and their filenames
• Attachments are stored to the current working directory (or the directory set with -d)

Webhook notifications

SMTP receive events can be forwarded to your webhook provider:

goshs -smtp -W -Wu https://discord.com/api/webhooks/<id>/<secret> -We smtp

Use -We smtp to receive only SMTP events, or -We all to include them alongside all other event types.

Running alongside the HTTP server

The SMTP server runs independently and can be combined with any other goshs feature:

goshs -smtp -smtp-domain mail.example.com -s -ss