Path: cr.yp.to!not-for-mail
From: djb@cr.yp.to (D. J. Bernstein)
Message-ID: <2000Oct507.51.14.11491@cr.yp.to>
Date: 5 Oct 2000 07:51:14 GMT
Newsgroups: comp.mail.misc,comp.mail.sendmail,comp.security.unix
Subject: Internet host SMTP server survey
Organization: IR

I looked up PTR records for 1000000 random IP addresses. 25777 of the IP
addresses had PTR records. I tried to connect to each address at the
SMTP port. I obtained successful connections to 908 servers. Evidently
there were nearly 4 million reachable SMTP servers on the Internet at
that moment.

I then sent a series of SMTP commands to each server, and fed the
responses through a script that guesses what SMTP software is running on
each host. Some comments on the results:

   * UNIX remains the most common operating system. 62% of the servers
     are running UNIX-only software; 26% are running Windows-only
     software; 6% provide answers consistent with both UNIX and Windows.

   * Sendmail is continuing to drop in popularity. The Sendmail company
     claims on its web pages that Sendmail ``powers the majority of the
     Internet's mail servers''; that claim is no longer true.

   * As in previous surveys, most of the Sendmail servers announce
     version numbers known to have security holes, in some cases
     remotely exploitable. Very few servers are running the most recent
     free version of Sendmail, or any commercial version of Sendmail.
     Apparently most Sendmail users simply take what comes with the
     operating system.

Here are the software tallies:

   47% 430 UNIX         Sendmail
   16% 149 Windows      Microsoft Exchange
    9%  82 UNIX         qmail
    6%  55 Windows      Ipswitch IMail
    3%  26 unknown (``Relay not authorized'')
        21 UNIX         smap
        19 not sure
        15 UNIX         Exim
        10 UNIX/Windows Check Point firewall
         9 UNIX/Windows Software.com Post.Office
         9 UNIX/Windows GroupWise
         9 UNIX/Windows DatCon IMS
         6 Windows      Gordano NTMail
         6 UNIX         IBM Postfix, formerly VMailer
         4 Windows      Sendmail
         4 Windows      Atrium MERCUR
         3 unknown (``ESMTP hello!'')
         3 Windows      Deerfield.com MDaemon
         3 VMS          CISCO MultiNet, formerly TGV/MultiNet
         3 UNIX/Windows Netscape Messaging Server, formerly Netscape Mail Server
         3 UNIX/Windows Lotus Domino
         3 UNIX         Zmailer
         3 UNIX         Smail
         3 UNIX         Obtuse SMTPD
         2 Windows      Vircom VOP Mail
         2 Windows      Rockliffe MailSite
         2 Windows      O'Reilly WebBoard
         2 Windows      InterScan VirusWall
         2 UNIX/Windows NetWin Dmail
         2 UNIX/Windows Lotus SMTP MTA
         1 unknown (``*****'')
         1 Windows      Worldgroup
         1 Windows      WinProxy
         1 Windows      Tumbleweed WorldSecure
         1 Windows      Thompson AnalogX
         1 Windows      SmartMax MailMax
         1 Windows      Seattle Lab SLmail
         1 Windows      Norton AntiVirus
         1 Windows      Isocor N-PLEX
         1 Windows      Eudora Worldmail
         1 Windows      ArGoSoft Mail Server
         1 VMS          PMDF
         1 UNIX/Windows Stalker CommuniGate
         1 UNIX/Windows Lyris SMTP
         1 UNIX/Windows AltaVista firewall
         1 UNIX         cmap
         1 MacOS        Eudora Internet Mail Server, formerly AIMS
         1 MacOS        AppleShare

The patterns used by the script, expressed in awk format, are shown
below. Corrections and additions are welcome.

---Dan

/This SMTP server is a part of the InterMail E-mail system./ { print intermail; next }
/221 Winproxy SMTP Service closing transmission channelM/ { print winproxy; next }
/Welcome to the Internet Anywhere Mail Server Version/ { print internetanywhere; next }
/ AppleShare IP Mail Server ..... SMTP Server Ready/ { print appleshare; next }
/ SMTP Service Ready .QuickMail Pro Server for Mac/ { print quickmail; next }
/ AppleShare IP Mail Server ... SMTP Server Ready/ { print appleshare; next }
/ WebSTAR Mail Simple Mail Transfer Service Ready/ { print webstar; next }
/ -- Server ESMTP .Sun Internet Mail Server sims/ { print sims; next }
/MERCUR SMTP-Server .v.* for Windows NT ready at/ { print mercur; next }
/MERCUR SMTP-Server .v.* for Windows 95 ready at/ { print mercur; next }
/ Service ready by David PostMan .Tobit Software/ { print david; next }
/ WorldSecure Server SMTP Relay Service readyM/ { print worldsecure; next }
/ ESMTP service ready .[0-9]*. using MDaemon v/ { print mdaemon; next }
/ Microsoft SMTP MAIL ready at .* Version: 5.5/ { print exchange; next }
/ Microsoft ESMTP MAIL Service, Version: 5.0/ { print exchange; next }
/Microsoft Exchange Internet Mail Service / { print exchange; next }
/MDaemon .* Help system currently inactive/ { print mdaemon; next }
/502 5.3.0 Sendmail .*HELP not implemented/ { print sendmail; next }
/ WebShield SMTP V[^ ]* Network Associates/ { print webshield; next }
/CheckPoint FireWall-1 secure SMTP server/ { print checkpoint; next }
/ CommuniGate Pro SMTP closing connection/ { print communigate; next }
/220-Running on Worldgroup with TCPLIBNT / { print worldgroup; next }
/Stalker Internet Mail Server .*is ready/ { print stalker; next }
/ ESMTP service ready .[0-9]*. MDaemon v/ { print mdaemon; next }
/ .MX V5.1-X V.... ESMTP server ready/ { print vmsmx; next }
/502 Sendmail .*HELP not implemented/ { print sendmail; next }
/ ESMTP CPMTA-3_2_3_0 - NO UCEM.250-/ { print qmail; next } # criticalpath
/NT Server running Internet Shopper/ { print ntmail; next }
/ MailSite ESMTP Receiver Version / { print mailsite; next }
/ WebBoard SMTP Receiver Version / { print webboard; next }
/http:..pobox.com..djb.qmail.html/ { print qmail; next }
/ ArGoSoft Mail Server, Version / { print argosoft; next }
/VOPmail ESMTP Receiver Version / { print vopmail; next }
/ ESMTP .IPAD 2....... ready at/ { print ipad; next }
/ InterScan VirusWall NT ESMTP / { print interscan; next }
/CommuniGate SMTPGate is ready/ { print communigate; next }
/FirstClass ESMTP Mail Server / { print firstclass; next }
/214-This is Sendmail version/ { print sendmail; next }
/ ESMTP server .Post.Office v/ { print postoffice; next }
/ NT-ESMTP Server .* .IMail / { print imail; next }
/Eudora Internet Mail Server/ { print eims; next }
/ ESMTP .IPAD 2.... ready at/ { print ipad; next }
/Apple Internet Mail Server/ { print eims; next }
/ GroupWise Internet Agent / { print groupwise; next }
/ ESMTP .IPAD 2... ready at/ { print ipad; next }
/ ESMTP .IPAD 1... ready at/ { print ipad; next }
/sendmail-bugs@sendmail.org/ { print sendmail; next }
/ ESMTP CPMTA-3_2_3_0M.250-/ { print qmail; next } # criticalpath
/ Lyris SMTP Service readyM/ { print lyris; next }
/220 NAVIEG Service readyM/ { print norton; next }
/post.office E-mail system/ { print postoffice; next }
/CommuniGate SMTP is ready/ { print communigate; next }
/Netscape Messaging Server/ { print netscape; next }
/ESMTP Service .Worldmail / { print worldmail; next }
/ESMTP Service .WorldMail / { print worldmail; next }
/PSC MultiNet for OpenVMS / { print multinet; next }
/TGV.MultiNet SMTP server/ { print multinet; next }
/sendmail@CS.Berkeley.EDU/ { print sendmail; next }
/ ESMTP Postfix .Postfix-/ { print postfix; next }
/ ESMTP CommuniGate Pro / { print communigate; next }
/running IBM AS.400 SMTP/ { print as400; next }
/FirstClass Mail Server / { print firstclass; next }
/ .Lotus Domino Release / { print lotusdomino; next }
/ .Lotus Domino Build v / { print lotusdomino; next }
/MailSite SMTP Receiver/ { print mailsite; next }
/Worldgroup SMTP server/ { print worldgroup; next }
/cc:Mail Link to SMTP R/ { print ccmail; next }
/ESMTP Service .NPlex / { print nplex; next }
/ Netscape Mail Server/ { print netscape; next }
/ Server ESMTP .PMDF V/ { print pmdf; next }
/ SMTP Server SLmail / { print slmail; next }
/ DSMTP ESMTP Server / { print dmail; next }
/ dmail@netwin.co.nz / { print dmail; next }
/ SMTP AnalogX Proxy / { print analogx; next }
/ InterChange ESMTP v/ { print interchange; next }
/ FTGate server ready/ { print ftgate; next }
/ GroupWise SMTP.MIME/ { print groupwise; next }
/ ESMTP PostfixM.250/ { print postfix; next }
/ InterChange SMTP v/ { print interchange; next }
/ .Mail-Max Version / { print mailmax; next }
/ MetaInfo Sendmail / { print sendmailwindows; next }
/ Metainfo Sendmail / { print sendmailwindows; next }
/ IMS SMTP Receiver / { print ims; next }
/ running MailShare / { print eims; next }
/ Sendmail for NT / { print sendmailwindows; next }
/ SMTP.cmap ready_/ { print cmap; next }
/ MailShield SMTP / { print mailshield; next }
/ SMTP.smap Ready/ { print smap; next }
/ SMTPXD version / { print avfirewall; next }
/ ESMTP Sendmail / { print sendmail; next }
/ 220-Sendmail 8/ { print sendmail; next }
/ TGV MultiNet V/ { print multinet; next }
/ AltaVista Mail/ { print avmail; next }
/ Lotus SMTP MTA/ { print lotussmtp; next }
/ MX V.\..-. VAX/ { print vmsmx; next }
/ ESMTP VMailer / { print postfix; next }
/ Sendmail 5.65 / { print sendmail; next }
/ Sendmail SMI-/ { print sendmail; next }
/ post.office v/ { print postoffice; next }
/ SMTP RS ver / { print rs; next }
/ MX V.\.. VAX/ { print vmsmx; next }
/ TFS Gateway / { print tfs; next }
/ MX V.\.. AXP/ { print vmsmx; next }
/ Zachariassen/ { print zmailer; next }
/ SMTP.OpenVMS/ { print openvms; next }
/ ESMTP Exim / { print exim; next }
/ Smail ready/ { print smail; next }
/ IBM VM SMTP/ { print ibmvm; next }
/ NASTA Gate / { print nasta; next }
/ .MDaemon v/ { print mdaemon; next }
/ NTMail .v/ { print ntmail; next }
/ Smail-3/ { print smail; next }
/ ESMTP .* Hello .*, pleased to meet youM.250-EXPNM.250-VERBM.250-8BITMIMEM.250-SIZE[ 0-9]*M.250-DSNM.250-ONEXM.250-ETRNM.250-XUSRM.250 HELPM.503 .* Duplicate HELO.EHLOM.250 ..... Sender okM.502 HELP not implementedM.221 / { print sendmail; next }
/forging of mail requires recognizable SMTP/ { print obtuse; next }
/\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/ { print "unknown (``*****'\'\'')"; next }
/572 Relay not authorizedM.$/ { print "unknown (``Relay not authorized'\'\'')"; next }
/ESMTP hello!M.250-EXPNM.250-ETRNM.250-AUTH LOGIN CRAM-MD5M.250 SIZE/ { print "unknown (``ESMTP hello!'\'\'')"; next }
/ESMTP hello!M.250-VRFYM.250-EXPNM.250-ETRNM.250-AUTH LOGIN CRAM-MD5M.250 SIZE/ { print "unknown (``ESMTP hello!'\'\'')"; next }
/ESMTP hello!M.250-VRFYM.250-EXPNM.250-ETRNM.250-AUTH LOGIN CRAM-MD5M.250-8BITMIMEM.250 SIZE/ { print "unknown (``ESMTP hello!'\'\'')"; next }
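
Added example, not part of the original post and not the survey's script: five of the patterns listed above applied to constructed greeting lines, tallied in the same "percent count label" shape as the table, plus the scaling from 908 hits in 1000000 random addresses to the full IPv4 space. The function names, the quoted label strings, the "not sure" fallback rule and every sample banner are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not the survey's script. All banners below are constructed.

# Label each greeting line read from stdin. Every rule ends in `next`, so the
# first matching rule wins; rules keep the relative order they have in the post.
classify_banners() {
  awk '
    /Microsoft Exchange Internet Mail Service / { print "exchange"; next }
    / ESMTP Postfix .Postfix-/                  { print "postfix"; next }
    / Sendmail for NT /                         { print "sendmailwindows"; next }
    / ESMTP Sendmail /                          { print "sendmail"; next }
    / ESMTP Exim /                              { print "exim"; next }
    { print "not sure" }   # no rule matched
  '
}

# Print "percent count label" per label, most common first (ties by name).
tally_banners() {
  classify_banners | LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2 |
    awk '{ k++; n[k] = $1; total += $1; $1 = ""; sub(/^ /, ""); label[k] = $0 }
         END { for (i = 1; i <= k; i++)
                 printf "%d%% %d %s\n", int(n[i] * 100 / total + 0.5), n[i], label[i] }'
}

# Scale HITS found in SAMPLE random addresses up to the 2^32 IPv4 address space.
estimate_total() {
  awk -v hits="$1" -v sample="$2" 'BEGIN { printf "%d\n", hits * 4294967296 / sample }'
}

# Constructed greeting lines (example.* hosts), one server per line.
sample_banners() {
  cat <<'EOF'
220 mx1.example.org ESMTP Sendmail 8.9.3/8.9.3; Thu, 5 Oct 2000 07:00:00 GMT
220 mx2.example.org ESMTP Sendmail 8.11.0/8.11.0; Thu, 5 Oct 2000 07:00:01 GMT
220 mail.example.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5) ready
220 relay.example.net ESMTP Postfix (Postfix-19991231)
220 smtp.example.edu ESMTP Exim 3.16 #1 Thu, 05 Oct 2000 07:00:02 +0000
220 gw.example.org SMTP service ready
EOF
}

sample_banners | tally_banners
estimate_total 908 1000000
```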