On Tue, Feb 03, 2009 at 08:02:30PM -0800 or thereabouts, Fyodor wrote:

> Looking at our current nmap-service-probes, the first real probe for a > TCP service on port 25 will be the "Hello" (which didn't exist at the > time of the fingerprint above). So my suggestion would be to move the > OpenBSD spamd signature to the bottom of the HelLo probe SMTP > signatures.
2026-05-13 16:57:06 +00:00 · 2009-02-04 07:04:09 +00:00 · 2009-02-04 07:04:09 +00:00 · 4b23bb9bb2
commit 4b23bb9bb2
parent 8d44d28023
1 changed files with 2 additions and 1 deletions
--- a/3
+++ b/3
@ -1820,7 +1820,6 @@ match smtp m|^220 shttp\.srv Simple Mail Transfer Service Ready\r\n| p/Small Hom
 match smtp m|^501 Domain must resolve\r\n$| p/odmrd/
 match smtp m|^220 ([-\w_.]+) ModusMail ESMTP Receiver Version ([\d.]+) Ready\r\n| p/ModusMail smtpd/ v/$2/ h/$1/ o/Windows/
 match smtp m|^220 mailmatrix SMTP Server \(Mail Matrix Server\) ready| p/Mail Matrix smtpd/ o/Windows/
-match smtp m|^220 $| p/OpenBSD spamd/
 match smtp m|^220-([-\w_.]+) ESMTP .* GoMail V([\d.]+);| p/GoMail mass mailing plugin smtpd/ v/$2/ h/$1/ o/Windows/
 match smtp m|^220 [-\w_.]+ Winmail Mail Server ESMTP ready\r\n| p/Winmail smtpd/ o/Windows/
 match smtp m|^220 ([-\w_.]+) ESMTP \(Code-Crafters Ability Mail Server ([\d.]+)\)\r\n| p/Code-Crafters Ability smtpd/ v/$2/ h/$1/ o/Windows/
@ -5848,6 +5847,8 @@ match smtp m|^220 \[[\w-_.]+\] ESMTP Ready\r\n501 HELO requires domain address\r
 match smtp m|^220 .* SMTP ready at .*\r\n501 Command \"EHLO\" requires an argument\r\n| p/Lotus Domino smtpd/
 match smtp m|^220 ([\w-_.]+)\r\n250-[\w-_.]+ Axigen ESMTP hello\r\n| p/Axigen smtpd/ h/$1/ o/Unix/

+match smtp m|^220 $| p/OpenBSD spamd/
+
 match smtp-proxy m|^220 ([-\w_.]+) .*\r\n250-[-\w_.]+ supports the following ESMTP extensions:\r\n250-SIZE \d+\r\n250-DSN\r\n250-8bitmime\r\n250 OK\r\n| p/Trend Micro IMSS smtp proxy/ h/$1/

 ##############################NEXT PROBE##############################