GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  SMTPSCAN (1)

NAME

smtpscan 0.5

CONTENTS

Synopsis
Description
Options
Examples
Files
Author
How To Help
Availability

SYNOPSIS

smtpscan [OPTIONS...] hostname(s)
smtpscan [OPTIONS...] -D DOMAINNAME

DESCRIPTION

smtpscan is a remote SMTP server version detector. It can be used to guess which mail software is used on a remote server, that may hide its SMTP banner.

smtpscan works by testing the remote SMTP server reaction, thanks to tests defined in the tests (/usr/local/share/smtpscan/tests) file. Almost all of those tests consists in weird SMTP request, whose answer is not precisly defined in the corresponding RFCs. Some other times, they check whether the remote SMTP server is simply RFC compliant. After each test, remote server returns a SMTP Error Message. Fingerprints are made of SMTP Error Messages corresponding to the tests.

Due to the fact that server reaction may be modified by its configuration, smtpscan tries to detect the nearest fingerprint if there is no exact match, that is it finds the fingerprint(s) that have the fewer different Error Messages.

Currently, 15 tests are used to guess the remote server version. Some other may be added in the future.

OPTIONS

-h, --help Print help message
-V Print smtpscan current version and exits
-v Verbose mode
-d Debug mode

-f=PATH Fingerprint file location
-t=PATH Test file location
-p=PORT Remote port
-i=TIMEOUT Connection timeout (in seconds)
-c Connect only once. Some servers don’t accept too many consecutive connections from a host. You may use this option to be able to scan some servers. smtpscan then uses the SMTP ’RSET’ command to be able to restart negociation. Beware: some SMTP servers don’t accept too many RSET either...

-D Specify a Domain name instead of a server. smtpscan then retrieve the corresponding mail exchanger and scan it

-n=NUMBER
  Scan the Nth mail exchanger instead of the first (ordered by preference)
-a Scan all the Mail Exchangers of the specified domain (see -D switch), that is scan every IP address returned by a MX DNS request (beware of ’virtual IPs’ or load balancing...)

EXAMPLES

Here is some smtpscan use examples :

smtpscan smtp.test.com
 
.Sp Scans remote host smtp.test.com to guess its smtp software version
smtpscan smtp1.test.com smtp2.test.com
 
.Sp Scans remote hosts smtp1 et smtp2
smtpscan -D yahoo.com
 
.Sp Scans the yahoo.com first Mail Exchanger (may be different servers while trying several times, because of DNS CNAME)
smtpscan -D yahoo.com -n 2
 
.Sp Scans the yahoo.com secondary Mail Exchanger
smtpscan -D yahoo.com -a -c -i 15
 
.Sp Scans all the yahoo.com Mail Exchangers found, uses the RSET smtp keyword so that only one connexion is opened per SMTP server and sets the timeout at 15 seconds

FILES

/usr/local/share/smtpscan/fingerprints - fingerprints file

/usr/local/share/smtpscan/tests - tests file

AUTHOR

Julien Bordet (<zejames>) <zejames@greyhats.org>

HOW TO HELP

smtpscan fingerprint file is a growing database : any mail sent to zejames@greyhats.org with fingerprint and SMTP server version would be very appreciated :=)

AVAILABILITY

http://www.greyhats.org/outils/smtpscan/
Search for    or go to Top of page |  Section 1 |  Main Index


smtpscan 0.5 SMTPSCAN (1) 20020821

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.