From 4b23bb9bb2f5e4c0864f027733eec948d250cd09 Mon Sep 17 00:00:00 2001 From: doug Date: Wed, 4 Feb 2009 07:04:09 +0000 Subject: [PATCH] On Tue, Feb 03, 2009 at 08:02:30PM -0800 or thereabouts, Fyodor wrote: > Looking at our current nmap-service-probes, the first real probe for a > TCP service on port 25 will be the "Hello" (which didn't exist at the > time of the fingerprint above). So my suggestion would be to move the > OpenBSD spamd signature to the bottom of the HelLo probe SMTP > signatures. --- nmap-service-probes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nmap-service-probes b/nmap-service-probes index 91909d23d..f66b850bc 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -1820,7 +1820,6 @@ match smtp m|^220 shttp\.srv Simple Mail Transfer Service Ready\r\n| p/Small Hom match smtp m|^501 Domain must resolve\r\n$| p/odmrd/ match smtp m|^220 ([-\w_.]+) ModusMail ESMTP Receiver Version ([\d.]+) Ready\r\n| p/ModusMail smtpd/ v/$2/ h/$1/ o/Windows/ match smtp m|^220 mailmatrix SMTP Server \(Mail Matrix Server\) ready| p/Mail Matrix smtpd/ o/Windows/ -match smtp m|^220 $| p/OpenBSD spamd/ match smtp m|^220-([-\w_.]+) ESMTP .* GoMail V([\d.]+);| p/GoMail mass mailing plugin smtpd/ v/$2/ h/$1/ o/Windows/ match smtp m|^220 [-\w_.]+ Winmail Mail Server ESMTP ready\r\n| p/Winmail smtpd/ o/Windows/ match smtp m|^220 ([-\w_.]+) ESMTP \(Code-Crafters Ability Mail Server ([\d.]+)\)\r\n| p/Code-Crafters Ability smtpd/ v/$2/ h/$1/ o/Windows/ @@ -5848,6 +5847,8 @@ match smtp m|^220 \[[\w-_.]+\] ESMTP Ready\r\n501 HELO requires domain address\r match smtp m|^220 .* SMTP ready at .*\r\n501 Command \"EHLO\" requires an argument\r\n| p/Lotus Domino smtpd/ match smtp m|^220 ([\w-_.]+)\r\n250-[\w-_.]+ Axigen ESMTP hello\r\n| p/Axigen smtpd/ h/$1/ o/Unix/ +match smtp m|^220 $| p/OpenBSD spamd/ + match smtp-proxy m|^220 ([-\w_.]+) .*\r\n250-[-\w_.]+ supports the following ESMTP extensions:\r\n250-SIZE \d+\r\n250-DSN\r\n250-8bitmime\r\n250 OK\r\n| p/Trend Micro IMSS smtp proxy/ h/$1/ ##############################NEXT PROBE##############################