Path: koobera.math.uic.edu!djb From: djb@koobera.math.uic.edu (D. J. Bernstein) Message-ID: <1997Aug1407.44.52.19277@koobera.math.uic.edu> Date: 14 Aug 1997 07:44:52 GMT Newsgroups: comp.security.unix,comp.security.misc,comp.mail.misc,comp.mail.sendmail Subject: Internet host SMTP server survey Organization: IR Starting from the public IP addresses found in the 9701 Network Wizards DNS walk, I removed a few networks (0.*, 1.*, 10.*, 127.*, requests) and eliminated duplicates. The resulting list included 15994616 addresses. I then selected and shuffled a random sublist containing 200000 addresses. Starting at 1997-08-14 02:30:00 TAI, I connected to each of the 200000 addresses at the SMTP port, sent HELP, and recorded the response. The surveying program handled 250 connections in parallel. It finished at 06:45:12 TAI. Most of the connection attempts did not produce a greeting message. There were 8536 successful connections. I fed the responses through a script that guesses what SMTP software is running on each host. Here are the reasons for connection failures: 111116 timed out 48909 host unreachable 21425 connection refused 9384 network unreachable 448 protocol not available 146 immediate disconnect 36 machine not on network Here are the server software tallies. Beware that multihomed machines are counted multiple times; for example, a single machine, with 6494 public DNS entries, accounted for 99 of the 101 CheckPoint addresses. 6531 sendmail 194 not sure 189 unknown (Sorry, unable to contact destination SMTP daemon) 172 smap, security wrapper for sendmail 167 Mercury 125 Smail 102 MS Exchange 101 CheckPoint firewall 86 NT Mail 82 CISCO MultiNet, formerly TGV/MultiNet 72 Post.Office 72 UCX 70 Netscape Mail Server, same as Post.Office 58 IMS SMTP Receiver 51 qmail 49 MMDF 41 PMDF 35 AIMS 31 Zmailer 26 Lotus SMTP MTA 26 unknown (Sorry, you are not authorized to make this connection) 22 Eudora Internet Mail Server 17 unknown (All set, fire away) 15 MetaInfo Sendmail, port of sendmail to NT 14 Exim 13 GroupWise 13 IMail 11 VMS MX 11 unknown (Help ... Not recognized) 10 unknown (Simple Mail Transfer Service Ready) 9 PP 9 SLmail 8 AS/400 SMTP 8 Mail*Link 8 MailShare 8 Microsoft SMTP MAIL 8 Raptor firewall 7 AltaVista Mail 7 Major BBS 7 NetManage SMTP service 6 EMWAC SMTP Receiver 6 MailSite SMTP Receiver 5 AltaVista firewall 5 MDaemon 4 IBM VM SMTP 4 iSMTP 3 ListSTAR 3 NASTA Gate 3 TFS Gateway 2 CommuniGate SMTP 2 Connect2-SMTP 2 IMA SMTP 2 PC/TCP SMTPSRV 1 MindWire-SMTP 1 Pony Express 1 Wollongong SMTP 1 Worldgroup SMTP server Conclusions: 1. At least 2.3 million IP addresses were in use for hosts reachable during the survey period. 2. At least 675000 IP addresses were in use for hosts running SMTP servers during the survey period. 3. Over 76% of the reachable SMTP servers were running UNIX sendmail. This percentage is unchanged from the previous survey in March. The patterns used by the script, expressed in awk format, are shown below. Corrections and additions are welcome. ---Dan /Sorry, you are not authorized to make this connection/ unknown /Sorry, unable to contact destination SMTP daemon/ unknown /MDaemon .* Help system currently inactive/ MDaemon /Microsoft Exchange Internet Mail Connector/ MS Exchange /Microsoft Exchange Internet Mail Service/ MS Exchange /CheckPoint FireWall-1 secure SMTP server/ CheckPoint firewall /NT Server running Internet Shopper/ NT Mail /Simple Mail Transfer Service Ready/ unknown /send comments to qmail@pobox.com/ qmail /Mercury 1\... ESMTP server ready/ Mercury /Mercury 1\... SMTP server ready/ Mercury /PC.TCP SMTPSRV by FTP Software/ PC/TCP SMTPSRV /Running on The Major BBS with / Major BBS /CommuniGate SMTPGate is ready/ CommuniGate SMTP /bugs to The Wollongong Group/ Wollongong SMTP /Microsoft SMTP MAIL ready at/ Microsoft SMTP MAIL /Eudora Internet Mail Server/ Eudora Internet Mail Server /Apple Internet Mail Server/ AIMS /Ready for business. iSMTP/ iSMTP /post.office E-mail system/ Post.Office /Mercury SMTP server ready/ Mercury /CommuniGate SMTP is ready/ CommuniGate SMTP /TGV.MultiNet SMTP server/ CISCO MultiNet, formerly TGV/MultiNet /running IBM AS.400 SMTP/ AS/400 SMTP /Mail.Link SMTP Package/ Mail*Link /NetManage SMTP service/ NetManage SMTP service /MailSite SMTP Receiver/ MailSite SMTP Receiver /Worldgroup SMTP server/ Worldgroup SMTP server /Duhmail..Black Hole v/ sendmail # *.sid.ncr.doe.ca /Generic SMTP handler/ Raptor firewall /Netscape Mail Server/ Netscape Mail Server, same as Post.Office /EMWAC SMTP Receiver/ EMWAC SMTP Receiver /GroupWise SMTP.MIME/ GroupWise /MetaInfo Sendmail/ MetaInfo Sendmail, port of sendmail to NT /IMS SMTP Receiver/ IMS SMTP Receiver /running MailShare/ MailShare /ListSTAR Package/ ListSTAR /TGV MultiNet V/ CISCO MultiNet, formerly TGV/MultiNet /AltaVista Mail/ AltaVista Mail /MindWire-SMTP / MindWire-SMTP /Lotus SMTP MTA/ Lotus SMTP MTA /MX V.\..-. VAX/ VMS MX /\(PMDF#..... V/ PMDF /post.office v/ Post.Office /Connect2-SMTP/ Connect2-SMTP / SMTP \(PMDF / PMDF /MX V.\.. VAX/ VMS MX /TFS Gateway / TFS Gateway /MX V.\.. AXP/ VMS MX /Zachariassen/ Zmailer /Pony Express/ Pony Express /SMTP.OpenVMS/ SMTP-OpenVMS / Smail ready/ Smail /IBM VM SMTP/ IBM VM SMTP / IMA SMTP / IMA SMTP /NASTA Gate/ NASTA Gate /SMTP.smap/ smap /Smail-3.2/ Smail /Smail 3.1/ Smail /smail 3.1/ Smail /Smail3.2/ Smail /Smail3.1/ Smail /SLmail95/ SLmail /SLmailNT/ SLmail /SLMAILNT/ SLmail /Sendmail/ sendmail /PMDF V/ PMDF /SMTPXD/ AltaVista firewall /IMail/ IMail /Exim/ Exim /UCX / UCX /[pP][pP].*Pleased to meet you/ PP /Help \.\.\. Not recognized/ unknown /HELP \.\.\. Not recognized/ unknown /For more info use .HELP/ sendmail /unimplemented..#5.5.1/ qmail / All set, fire away/ unknown /Complaints.bugs to/ MMDF // not sure