fingerprinting mail server

**rowdy_yates** · June 14th, 2005, 01:11 AM

hi, do you guys know how to fingerprint a mail server?

i am up for a junior job with this department that manages the email systems and thought it might be a good idea to find out what they use and brush up on the manuals.

don't really want to run anything nasty on their server that might be construed as an attack. just want to find out what mail system they use. i am pretty sure it's not exchange but unix based.

**d0pp** · June 14th, 2005, 01:17 AM

WHOA... don't try remote fingerprining...

Your best bet, both technologically, and in the eyes of the company... is to ask them, and explain that you would like to study up.

THis will make you look good in their eyes usually... make you look like someone who is very thorough.

**unhappy** · June 14th, 2005, 01:30 AM

don't worry ... secret service won't break your door in if you just grab some headers via netcat

***XTC46*** · June 14th, 2005, 01:41 AM

sort of like those kids at harvard that just wanted to know if they had gotten in already... the ones that got in are now kicked out...good deal huh.

**unhappy** · June 14th, 2005, 01:45 AM

point taken... but you can't compare port scan to an inrusion

**d0pp** · June 14th, 2005, 01:53 AM

The fact that you can't get in trouble for it doesn't make it right.

**rowdy_yates** · June 14th, 2005, 01:53 AM

okay. well how about this then.

if you were to use a unix based mail server and you had 100,000 email addys to manage - what would you use? what is capable of that volume?

**d0pp** · June 14th, 2005, 02:02 AM

/me burps the word sendmail

/me farts the word procmail

/me makes some other random bodily noises to the tune of several other standard mail related programs and daemons

Try doing some research on google?

**Spyrochaete** · June 17th, 2005, 12:26 AM

Have you tried connecting to their SMTP or POP3 server via telnet? As long as you don't try to log in it will not be construed as an intrusion. The server won't be able to tell the difference.

You should do this and make a point of it during your interview! My college professor taught us to change the welcome message to obscure what system is running. Tell them you will mask or spoof the identity of the server via the welcome message to make it harder for blackhats to fingerprint.

Telnet to a SMTP server like this from Windows command line:

"telnet smtp.companyname.com:25" (fill in the proper URL or just guess it)

or from Linux:

"telnet smtp.companyname.com 25"

**mmkhan** · June 17th, 2005, 05:21 AM

Hi, i think u are looking for this.

smtpscan is a remote SMTP server version detector. It can be used to guess which mail software is used on a remote server, that may hide its SMTP banner.

http://www.greyhats.org/outils/smtps...mtp_detect.pdf
http://www.greyhats.org/outils/smtps...can-0.5.tar.gz

smtpmap
http://plasmahh.hopto.org/down_tool

Thread: fingerprinting mail server

Thread Tools

Display

fingerprinting mail server

Posting Permissions