On Tuesday 07 May 2002 11:55 am, Suresh Ramasubramanian wrote: > For example ... > > 220 hostname.example.com esmtp > 250-hostname.example.com > 250-PIPELINING > 250 8BITMIME > > If you see this, you can kind of lay long odds that this is qmail you are > seeing. �No matter that qmail decides that "hostname esmtp" is enough as an > smtp banner. �[fine, it _is_ enough, but still, as I said, security by > obscurity is a totally bogus concept]
I have always believed that the best way to fingerprint an SMTP server is by the 250 response to the DATA command. So, looking through my maillogs: stat=Sent (g45DFg847627 Message accepted for delivery) - good ol' Sendmail stat=Sent (Ok. 3CD4BFF2.00004697) - Courier - my latest fav stat=Sent (ok 1020561289 qp 18121) - Qmail stat=Sent (02ddf4054030552WEB Queued mail for delivery) stat=Sent (Ok: queued as 0275B46018) stat=Sent (ok dirdel) - Yahoo's patched qmail stat=Sent (Ok.) - iPlanet Messaging Server stat=Sent (OK) - Found this on an AOL SMTP server stat=Sent (Requested mail action okay, completed) - Microsoft Exchange? stat=Sent (OK id=174aHN-00046l-00) - Exim stat=Sent (Ok) - CheckPoint Firewall-1 And so on... Of course, no version numbers. :-( Other indicators should be Received: headers - the way they are formatted and so on. Binand _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
