Let's say there's a mail server accessible on the internet, example: mail3.domain.com
Is it possible to query that address and find out what mail software they are using? Like lotus notes, Exchange, or a linux mailserver software, etc..
Asked
Active
Viewed 752 times
1
-
Please remove `whois` tag as your question has nothing to do with the `whois` protocol or use. – Patrick Mevzek Jan 02 '18 at 16:21
1 Answers
2
You can run a command like:
telnet mail.domain.com 25
In the response you'll see something like:
Trying 122.33.44.555...
Connected to mail.domain.com
Escape character is '^]'.
220-mail.domain.com ESMTP Exim 4.87 #1 Fri, 31 Mar 2017 20:53:59 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
From that you can learn something about the software being run on the server.
Chris
- 4,672
- 13
- 52
- 93
-
But note that it is not mandatory for an SMTP server to fully identify the OS/software it uses so you may not gather any useful information. You could also use `p0f` or other fingerprinting software but they are based on heuristics and will not work in all cases. There also probably software tailored to fingerprinting SMTP software. – Patrick Mevzek Jan 02 '18 at 16:21