RE: Identification of a Mail Server

[Michael Gargiullo <mgargiullo () pvtpt com>]

-----Original Message-----
From: Doug Fox [mailto:dfox168 () hotmail com] 
Sent: Friday, February 03, 2006 9:04 AM
To: pen-test () securityfocus com; incidents () securityfocus com;
forensics () securityfocus com
Subject: Identification of a Mail Server

One can use NetCraft (www.netcraft.com) to identify a web server if it
is
Appache, IIS, etc.

How can one identify a mail server behind a firewall, be it Exchange,
GroupWise, or Lotus Notes?

nmap or nessus helps identify if a mail server is available through tcp
port
25.

Any info is much appreciated!

Regards,

DF
--------

Doug,

You will only be able to identify a mail server that you can access.
Your only other option could come from any message headers you have
received from the mail server.

One of my jobs as a security admin is to make it as difficult as
possible for you to identify any service I run.

I also have mail servers that have no internet presence. They pull mail
in, then use a smart host for sending. They're a ghost, you'd never know
they're out there unless you inspect the headers.  Even then you still
can't access it.

(Look at the headers in this message)

Good luck on your hunt.

-Mike

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------