ismtp is a tool that enumerates valid email addresses on an SMTP server:
> ismtp -h 192.168.50.11 -e emails.txt
---------------------------------------------------------------------
iSMTP v1.6 - SMTP Server Tester, Alton Johnson ([email protected])
---------------------------------------------------------------------
Testing SMTP server [user enumeration]: 192.168.50.11:25
Emails provided for testing: 3
Performing SMTP VRFY test...
Error: b'2.0.0 helios'.
Performing SMTP RCPT TO test...
[-] [email protected] -------- [ invalid ]
[-] [email protected] --- [ invalid ]
[+] helios@symfonos -------------- [ valid ]
Completed SMTP user enumeration test.
Usernames can be enumerated with the smtp-user-enum command.
/usr/share/wordlists/SecLists/Usernames/xato-net-10-million-usernames-dup.txt
is a recommended user file for -U.
> smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t 192.168.50.22
######## Scan started at Wed May 5 07:27:17 2021 #########
192.168.50.22: backup exists
192.168.50.22: bin exists
192.168.50.22: daemon exists
192.168.50.22: games exists
192.168.50.22: gnats exists
192.168.50.22: irc exists
192.168.50.22: libuuid exists
...
> smtp-user-enum -M EXPN -U ./user.txt -t 192.168.50.11
Mode ..................... EXPN
Worker Processes ......... 5
Usernames file ........... ./user.txt
Target count ............. 1
Username count ........... 3
Target TCP port .......... 25
Query timeout ............ 5 secs
Target domain ............
######## Scan started at Wed Apr 21 11:26:36 2021 #########
######## Scan completed at Wed Apr 21 11:26:36 2021 #########
0 results.
3 queries in 1 seconds (3.0 queries / sec)
These are common suffixes for server email addresses that you can guess:
[+] [email protected] --- [ valid ]
[+] boris@goldeneye --------- [ valid ]
[+] boris@local ------- [ valid ]
[+] boris@localhost --------- [ valid ]
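
What the VRFY, EXPN and RCPT TO scans above look like from the mail server's side, as an added example that is not part of the original notes or of either tool. It assumes Postfix-style smtpd syslog lines (including the per-session command counts on the disconnect line); the sample log, the thresholds and the name find_enumeration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix smtpd syslog style (assumed log format, not from the page).
SAMPLE_LOG = """\
May  5 07:27:17 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.168.50.5]: 550 5.1.1 <admin@symfonos>: Recipient address rejected: User unknown in local recipient table
May  5 07:27:17 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.168.50.5]: 550 5.1.1 <root@symfonos.local>: Recipient address rejected: User unknown in local recipient table
May  5 07:27:18 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.168.50.5]: 550 5.1.1 <test@symfonos>: Recipient address rejected: User unknown in local recipient table
May  5 07:27:18 mx postfix/smtpd[811]: disconnect from unknown[192.168.50.5] ehlo=1 mail=1 rcpt=1/4 vrfy=0/3 quit=1 commands=4/10
May  5 09:02:41 mx postfix/smtpd[902]: NOQUEUE: reject: RCPT from mail.example.test[192.168.50.30]: 550 5.1.1 <helois@symfonos>: Recipient address rejected: User unknown in local recipient table
May  5 09:02:42 mx postfix/smtpd[902]: disconnect from mail.example.test[192.168.50.30] ehlo=1 mail=1 rcpt=1/2 data=1 quit=1 commands=5/6
"""

REJECT = re.compile(r"reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: 550 5\.1\.1 <([^>]*)>")
DISCONNECT = re.compile(r"disconnect from \S*\[([0-9a-fA-F.:]+)\] (.*)")
PROBE = re.compile(r"\b(vrfy|expn)=(?:\d+/)?(\d+)")  # "vrfy=0/3" or "vrfy=3" -> 3 issued

def find_enumeration(log_text, min_unknown=3, min_probes=3):
    """Return {client_ip: [reasons]} for clients that look like user enumeration."""
    unknown = defaultdict(set)  # client IP -> distinct recipients rejected as unknown
    probes = defaultdict(int)   # client IP -> VRFY/EXPN commands issued
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            unknown[m.group(1)].add(m.group(2).lower())
            continue
        m = DISCONNECT.search(line)
        if m:
            for _, total in PROBE.findall(m.group(2)):
                probes[m.group(1)] += int(total)
    findings = {}
    for ip in set(unknown) | set(probes):
        reasons = []
        if len(unknown[ip]) >= min_unknown:
            reasons.append(f"{len(unknown[ip])} unknown recipients (RCPT TO)")
        if probes[ip] >= min_probes:
            reasons.append(f"{probes[ip]} VRFY/EXPN commands")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

A single mistyped recipient from a legitimate relay stays below the thresholds, while a wordlist run trips both counters within one session.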