Re: Identify the make and model of a Mail Server

From: Bojan Zdrnja <bojan.zdrnja@xxxxxxxxx>
Date: Sun, 5 Feb 2006 10:55:49 +1300

On 2/2/06, Doug Fox <dfox168@xxxxxxxxxxx> wrote:

One can use NetCraft (www.netcraft.com) to identify a web server if it is
Appache, IIS, etc.

How can one identify a mail server behind a firewall, be it Exchange,
GroupWise, or Lotus Notes?

nmap or nessus helps identify if a mail server is available through tcp port
25.

Well, be it behind the firewall or not, port 25 *has* to be open if
you want to receive e-mail from other machines on the Internet.

Whenever you want to identify some application, you will have to rely
on banners that you see after you establish communication.
Most of the servers will nicely identify them self in the first banner
line. This can be changed and some administrators will remove all
identifying messages from the banner.
I've seen servers modified like this, but there are other small clues
you can use to identify them:

- make some SMTP errors so you see how the remote server handles it
(how it informs you of an error). You can probably make a nice table
with various SMTP servers and their error handling
- try opening connection with EHLO and try using the HELP command,
this one often gives more detail about the remote server.

Cheers,

Bojan

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

References:
- Identify the make and model of a Mail Server
  - From: Doug Fox

Prev by Date: RE: Identify the make and model of a Mail Server
Next by Date: RE: Active Directory user enumeration
Previous by thread: RE: Identify the make and model of a Mail Server
Next by thread: RE: Identify the make and model of a Mail Server
Index(es):
- Date
- Thread

Relevant Pages

Re: CEICW fails at firewall config
... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
(microsoft.public.windows.server.sbs)
Re: Recycler security issues on IIS server
... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
(microsoft.public.inetserver.iis.security)
Re: Can Somone Tell Me If We Have a Hacker?
... your firewall to never see that stuff again. ... Those types of attacks DO work. ... beginners out there do that stuff thinking no one will find their FTP site. ... FTP server" which is probably not an option. ...
(microsoft.public.inetserver.iis.security)
Re: ISA SERVER NOT STARTING
... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
(microsoft.public.windows.server.sbs)
Re: Blocking Port scans
... Its kind of hard to block SYN scans as to maintain functionality, ... server has to respond to a SYN with a SYN/ACK. ... > Firewall Assessment for a CISCO PIX firewall. ... Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)