recog 2.1.18 → 2.1.19
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/recog/version.rb +1 -1
- data/xml/smtp_banners.xml +557 -666
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ca666a0361fcb46b9fb7bca00434fdfd98b98f99
|
|
4
|
+
data.tar.gz: b0f0741ca09a7e715f275c72ee1b56865a5239b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fa394f748d7dc282b765434e8ffd234b0c6071af08db6d43b161f4287b32e4fd3701a0f1811a35ea3278826dcb4243ef3c0e99c1f961ae97afa2eba2f66fd37e
|
|
7
|
+
data.tar.gz: 6d375315056567afc494c1b0727f0db9f27c03303656a4728d0abdb8c35ac8d08eaf5939c1bb14b568de8ebd1a362d5a2588384a7f137ce19212e9c37b487be3
|
data/lib/recog/version.rb
CHANGED
data/xml/smtp_banners.xml
CHANGED
|
@@ -24,7 +24,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
24
24
|
-->
|
|
25
25
|
<fingerprints matches="smtp.banner" protocol="smtp" database_type="service" preference="0.20">
|
|
26
26
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
|
|
27
|
-
<description>IMail EVAL version</description>
|
|
27
|
+
<description>IMail - EVAL version</description>
|
|
28
28
|
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
|
|
29
29
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
|
30
30
|
<param pos="0" name="service.family" value="IMail Server"/>
|
|
@@ -34,7 +34,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
34
34
|
<param pos="0" name="imail.eval" value="yes"/>
|
|
35
35
|
</fingerprint>
|
|
36
36
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
|
|
37
|
-
<description>IMail non-EVAL version</description>
|
|
37
|
+
<description>IMail - non-EVAL version</description>
|
|
38
38
|
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
|
|
39
39
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
|
40
40
|
<param pos="0" name="service.family" value="IMail Server"/>
|
|
@@ -43,7 +43,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
43
43
|
<param pos="1" name="host.name"/>
|
|
44
44
|
</fingerprint>
|
|
45
45
|
<fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
|
|
46
|
-
<description>IMail non-EVAL version, NT-ESMTP at end</description>
|
|
46
|
+
<description>IMail - non-EVAL version, NT-ESMTP at end</description>
|
|
47
47
|
<example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
|
|
48
48
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
|
49
49
|
<param pos="0" name="service.family" value="IMail Server"/>
|
|
@@ -52,10 +52,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
52
52
|
<param pos="1" name="host.name"/>
|
|
53
53
|
</fingerprint>
|
|
54
54
|
<fingerprint pattern="^([^ ]+) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
|
|
55
|
-
<description>
|
|
56
|
-
AnalogX proxy
|
|
57
|
-
http://www.analogx.com/contents/download/network/proxy.htm
|
|
58
|
-
</description>
|
|
55
|
+
<description>AnalogX proxy (http://www.analogx.com/contents/download/network/proxy.htm)</description>
|
|
59
56
|
<example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
|
|
60
57
|
<param pos="0" name="service.vendor" value="AnalogX"/>
|
|
61
58
|
<param pos="0" name="service.family" value="Proxy"/>
|
|
@@ -64,38 +61,45 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
64
61
|
<param pos="1" name="host.name"/>
|
|
65
62
|
</fingerprint>
|
|
66
63
|
<fingerprint pattern="^ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
|
67
|
-
<description>
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
64
|
+
<description>ArGoSoft Mail Server</description>
|
|
65
|
+
<example service.version="1.4.0.7">ArGoSoft Mail Server, Version 1.4 (1.4.0.7)</example>
|
|
66
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
67
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
68
|
+
<param pos="0" name="os.product" value="Windows"/>
|
|
72
69
|
<param pos="0" name="service.vendor" value="ArGoSoft"/>
|
|
73
70
|
<param pos="0" name="service.family" value="Mail Server"/>
|
|
74
71
|
<param pos="0" name="service.product" value="Mail Server"/>
|
|
75
72
|
<param pos="1" name="service.version"/>
|
|
76
73
|
</fingerprint>
|
|
77
|
-
<fingerprint pattern="
|
|
78
|
-
<description>ArGoSoft Mail
|
|
79
|
-
<example host.name="
|
|
74
|
+
<fingerprint pattern="^^(?:(\S+) +)?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
|
75
|
+
<description>ArGoSoft Mail Server - freeware version</description>
|
|
76
|
+
<example host.name="foo.bar" service.version="1.8.8.8">foo.bar ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
|
|
77
|
+
<example service.version="1.8.8.8">ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
|
|
78
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
79
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
80
|
+
<param pos="0" name="os.product" value="Windows"/>
|
|
80
81
|
<param pos="0" name="service.vendor" value="ArGoSoft"/>
|
|
81
82
|
<param pos="0" name="service.family" value="Mail Server"/>
|
|
82
83
|
<param pos="0" name="service.product" value="Mail Server"/>
|
|
83
84
|
<param pos="2" name="service.version"/>
|
|
84
85
|
<param pos="1" name="host.name"/>
|
|
85
86
|
</fingerprint>
|
|
86
|
-
<fingerprint pattern="^ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
|
87
|
-
<description>ArGoSoft Mail
|
|
87
|
+
<fingerprint pattern="^(?:(\S+) +)?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
|
88
|
+
<description>ArGoSoft Mail Server - Pro version</description>
|
|
88
89
|
<example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
|
|
89
90
|
<example service.version="1.8.9.5">ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)</example>
|
|
91
|
+
<example host.name="foo.bar" service.version="1.8.9.5">foo.bar ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)</example>
|
|
92
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
93
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
94
|
+
<param pos="0" name="os.product" value="Windows"/>
|
|
90
95
|
<param pos="0" name="service.vendor" value="ArGoSoft"/>
|
|
91
96
|
<param pos="0" name="service.family" value="Mail Server"/>
|
|
92
97
|
<param pos="0" name="service.product" value="Mail Server"/>
|
|
93
|
-
<param pos="1" name="
|
|
98
|
+
<param pos="1" name="host.name"/>
|
|
99
|
+
<param pos="2" name="service.version"/>
|
|
94
100
|
</fingerprint>
|
|
95
101
|
<fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
|
|
96
|
-
<description>
|
|
97
|
-
AppleShare IP Mail Server
|
|
98
|
-
</description>
|
|
102
|
+
<description>AppleShare IP Mail Server</description>
|
|
99
103
|
<example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
|
|
100
104
|
<example service.version="6.2">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
|
|
101
105
|
<param pos="0" name="service.vendor" value="Apple"/>
|
|
@@ -105,9 +109,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
105
109
|
<param pos="2" name="service.version"/>
|
|
106
110
|
</fingerprint>
|
|
107
111
|
<fingerprint pattern="^CheckPoint FireWall-1 secure E?SMTP server *$">
|
|
108
|
-
<description>
|
|
109
|
-
CheckPoint FireWall-1
|
|
110
|
-
</description>
|
|
112
|
+
<description>CheckPoint FireWall-1</description>
|
|
111
113
|
<example>CheckPoint FireWall-1 secure SMTP server</example>
|
|
112
114
|
<example>CheckPoint FireWall-1 secure ESMTP server</example>
|
|
113
115
|
<param pos="0" name="service.vendor" value="Check Point"/>
|
|
@@ -115,9 +117,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
115
117
|
<param pos="0" name="service.product" value="Firewall-1"/>
|
|
116
118
|
</fingerprint>
|
|
117
119
|
<fingerprint pattern="^SMTP/cmap ready_+$">
|
|
118
|
-
<description>
|
|
119
|
-
|
|
120
|
-
</description>
|
|
120
|
+
<description>Cisco Pix v4.x</description>
|
|
121
|
+
<example>SMTP/cmap ready________________________________________________________________________</example>
|
|
121
122
|
<param pos="0" name="service.vendor" value="Cisco"/>
|
|
122
123
|
<param pos="0" name="service.family" value="PIX"/>
|
|
123
124
|
<param pos="0" name="service.product" value="PIX"/>
|
|
@@ -148,8 +149,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
148
149
|
<param pos="0" name="service.product" value="PIX"/>
|
|
149
150
|
</fingerprint>
|
|
150
151
|
<fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
|
|
151
|
-
<description>
|
|
152
|
-
Critical Path (aka InScribe) Messaging Server
|
|
152
|
+
<description>Critical Path (aka InScribe) Messaging Server
|
|
153
153
|
http://www.cp.net/products/inscr_messagingserv_overview.html
|
|
154
154
|
Runs on Windows NT4/2k, Solaris 2.6, 2.7, and 2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, and AIX
|
|
155
155
|
</description>
|
|
@@ -163,22 +163,16 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
163
163
|
<param pos="5" name="service.version.version.version.version"/>
|
|
164
164
|
</fingerprint>
|
|
165
165
|
<fingerprint pattern="^CSM Internet Mail Scanner SMTP-Gateway ready?\. *$">
|
|
166
|
-
<description>
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
TODO: Some versions return a typo "read." instead of "ready." - use this to fingerprint
|
|
170
|
-
example: 220 CSM Internet Mail Scanner SMTP-Gateway ready.
|
|
171
|
-
example: 220 CSM Internet Mail Scanner SMTP-Gateway read.
|
|
172
|
-
</description>
|
|
166
|
+
<description>CSM Internet Mail Scanner SMTP Proxy</description>
|
|
167
|
+
<example>CSM Internet Mail Scanner SMTP-Gateway ready.</example>
|
|
168
|
+
<example>CSM Internet Mail Scanner SMTP-Gateway read.</example>
|
|
173
169
|
<param pos="0" name="service.vendor" value="CSM"/>
|
|
174
170
|
<param pos="0" name="service.family" value="Internet Mail Scanner"/>
|
|
175
171
|
<param pos="0" name="service.product" value="Internet Mail Scanner"/>
|
|
176
172
|
</fingerprint>
|
|
177
173
|
<fingerprint pattern="^([^ ]+) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
|
|
178
|
-
<description>
|
|
179
|
-
|
|
180
|
-
example: 220 gabriela.networld.com.ar IMS SMTP Receiver Version 0.83 Ready
|
|
181
|
-
</description>
|
|
174
|
+
<description>EMWAC Internet Mail Services (http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm)</description>
|
|
175
|
+
<example service.version="0.83" host.name="foo.bar">foo.bar IMS SMTP Receiver Version 0.83 Ready</example>
|
|
182
176
|
<param pos="0" name="service.vendor" value="EMWAC"/>
|
|
183
177
|
<param pos="0" name="service.family" value="Internet Mail Services"/>
|
|
184
178
|
<param pos="0" name="service.product" value="Internet Mail Services"/>
|
|
@@ -186,7 +180,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
186
180
|
<param pos="2" name="service.version"/>
|
|
187
181
|
</fingerprint>
|
|
188
182
|
<fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
|
|
189
|
-
<description>
|
|
183
|
+
<description>Eudora Internet Mail Server</description>
|
|
190
184
|
<example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
|
|
191
185
|
<example service.version="2.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 2.2</example>
|
|
192
186
|
<param pos="0" name="service.vendor" value="Eudora"/>
|
|
@@ -200,10 +194,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
200
194
|
<param pos="2" name="service.version"/>
|
|
201
195
|
</fingerprint>
|
|
202
196
|
<fingerprint pattern="^([^ ]+) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
|
|
203
|
-
<description>
|
|
204
|
-
|
|
205
|
-
(for sure, can't be confused with the IIS builtin SMTP service)
|
|
206
|
-
</description>
|
|
197
|
+
<description>Microsoft Exchange Server 5.5 and above (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
|
198
|
+
<example host.name="foo.bar" service.version="5.5.2653.13">foo.bar ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready</example>
|
|
207
199
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
208
200
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
209
201
|
<param pos="0" name="service.product" value="Exchange Server"/>
|
|
@@ -215,10 +207,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
215
207
|
<param pos="0" name="os.product" value="Windows"/>
|
|
216
208
|
</fingerprint>
|
|
217
209
|
<fingerprint pattern="^([^ ]+) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
|
|
218
|
-
<description>
|
|
219
|
-
|
|
220
|
-
(for sure, can't be confused with the IIS builtin SMTP service)
|
|
221
|
-
</description>
|
|
210
|
+
<description>Microsoft Exchange Server 5.0 (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
|
211
|
+
<example host.name="foo.bar" service.version="5.0.1460.8">foo.bar Microsoft Exchange Internet Mail Service 5.0.1460.8 ready</example>
|
|
222
212
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
223
213
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
224
214
|
<param pos="0" name="service.product" value="Exchange Server"/>
|
|
@@ -230,11 +220,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
230
220
|
<param pos="0" name="os.product" value="Windows"/>
|
|
231
221
|
</fingerprint>
|
|
232
222
|
<fingerprint pattern="^([^ ]+) Microsoft ESMTP MAIL Service ready at .*$">
|
|
233
|
-
<description>
|
|
234
|
-
|
|
235
|
-
(for sure, can't be confused with the IIS builtin SMTP service)
|
|
236
|
-
</description>
|
|
237
|
-
<example>foo Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
|
223
|
+
<description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
|
224
|
+
<example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
|
238
225
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
239
226
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
|
240
227
|
<param pos="0" name="service.product" value="Exchange Server"/>
|
|
@@ -245,77 +232,77 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
245
232
|
<param pos="0" name="os.product" value="Windows"/>
|
|
246
233
|
</fingerprint>
|
|
247
234
|
<fingerprint pattern="^([^ ]+) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
|
|
248
|
-
<description>
|
|
249
|
-
|
|
250
|
-
(they are differentiated from each other in smtp-iis.clp)
|
|
251
|
-
</description>
|
|
235
|
+
<description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
|
|
236
|
+
<example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
|
|
252
237
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
253
238
|
<param pos="0" name="service.family" value="IIS"/>
|
|
254
239
|
<param pos="0" name="service.product" value="IIS"/>
|
|
255
240
|
<param pos="3" name="service.version"/>
|
|
256
241
|
<param pos="1" name="host.name"/>
|
|
257
242
|
<param pos="2" name="system.time"/>
|
|
258
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
243
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
259
244
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
260
245
|
<param pos="0" name="os.family" value="Windows"/>
|
|
261
246
|
<param pos="0" name="os.device" value="General"/>
|
|
262
247
|
<param pos="0" name="os.product" value="Windows"/>
|
|
263
248
|
</fingerprint>
|
|
264
|
-
<fingerprint pattern="^([^ ]+)
|
|
265
|
-
<description>
|
|
266
|
-
|
|
267
|
-
(they are differentiated from each other in smtp-iis.clp)
|
|
268
|
-
</description>
|
|
249
|
+
<fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+) +ready +(?:at +)?(.+)$">
|
|
250
|
+
<description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
|
|
251
|
+
<example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
|
|
269
252
|
<example service.version="6.0.3790.4675">foo Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
|
253
|
+
<example service.version="6.0.2600.5512" system.time="Thu, 30 Nov 2017 18:22:40 +0900">Microsoft ESMTP MAIL Service, Version: 6.0.2600.5512 ready at Thu, 30 Nov 2017 18:22:40 +0900</example>
|
|
270
254
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
|
271
255
|
<param pos="0" name="service.family" value="IIS"/>
|
|
272
256
|
<param pos="0" name="service.product" value="IIS"/>
|
|
273
257
|
<param pos="2" name="service.version"/>
|
|
274
258
|
<param pos="1" name="host.name"/>
|
|
275
259
|
<param pos="3" name="system.time"/>
|
|
276
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
260
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
277
261
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
278
262
|
<param pos="0" name="os.family" value="Windows"/>
|
|
279
263
|
<param pos="0" name="os.device" value="General"/>
|
|
280
264
|
<param pos="0" name="os.product" value="Windows"/>
|
|
281
265
|
</fingerprint>
|
|
282
266
|
<fingerprint pattern="^ESMTP Exim$">
|
|
283
|
-
<description>Exim without version string or hostname</description>
|
|
267
|
+
<description>Exim - without version string or hostname</description>
|
|
284
268
|
<example>ESMTP Exim</example>
|
|
285
269
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
286
270
|
<param pos="0" name="service.family" value="exim"/>
|
|
287
271
|
<param pos="0" name="service.product" value="exim"/>
|
|
288
272
|
</fingerprint>
|
|
289
|
-
<fingerprint pattern="^ ?([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_
|
|
290
|
-
<description>Exim with version string and optional timestamp</description>
|
|
273
|
+
<fingerprint pattern="^ ?([^, ]+)(?:,)? ESMTP \(?(?i:Exim) +(\d+\.[\d_.bRC-]+)\)?(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
|
|
274
|
+
<description>Exim - with version string and optional timestamp</description>
|
|
291
275
|
<example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
|
|
292
|
-
<example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83
|
|
293
|
-
<example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2
|
|
276
|
+
<example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83</example>
|
|
277
|
+
<example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2 </example>
|
|
278
|
+
<example service.version="4.90_RC3" host.name="foo.bar">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
|
|
279
|
+
<example service.version="4.89_1b" host.name="foo.bar">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
|
|
294
280
|
<example service.version="4.89-122312">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
|
|
281
|
+
<example service.version="4.87">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
|
|
295
282
|
<example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
|
|
296
283
|
<example service.version="3.12" system.time="Wed, 31 Jan 2001 15:47:23 +1100">foo.bar ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100 </example>
|
|
297
284
|
<example service.version="4.89" host.name="foo.bar"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
|
|
298
285
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
299
286
|
<param pos="0" name="service.family" value="exim"/>
|
|
300
287
|
<param pos="0" name="service.product" value="exim"/>
|
|
301
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
288
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
302
289
|
<param pos="1" name="host.name"/>
|
|
303
290
|
<param pos="2" name="service.version"/>
|
|
304
291
|
<param pos="3" name="system.time"/>
|
|
305
292
|
</fingerprint>
|
|
306
293
|
<fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
307
|
-
<description>Exim with digit only version string and optional timestamp</description>
|
|
294
|
+
<description>Exim - with digit only version string and optional timestamp</description>
|
|
308
295
|
<example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
|
|
309
296
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
310
297
|
<param pos="0" name="service.family" value="exim"/>
|
|
311
298
|
<param pos="0" name="service.product" value="exim"/>
|
|
312
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
299
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
313
300
|
<param pos="1" name="host.name"/>
|
|
314
301
|
<param pos="2" name="service.version"/>
|
|
315
302
|
<param pos="3" name="system.time"/>
|
|
316
303
|
</fingerprint>
|
|
317
304
|
<fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
318
|
-
<description>Exim with version string and optional timestamp (Ubuntu)</description>
|
|
305
|
+
<description>Exim - with version string and optional timestamp (Ubuntu)</description>
|
|
319
306
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
|
|
320
307
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
321
308
|
<param pos="0" name="os.family" value="Linux"/>
|
|
@@ -323,60 +310,57 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
323
310
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
324
311
|
<param pos="0" name="service.family" value="exim"/>
|
|
325
312
|
<param pos="0" name="service.product" value="exim"/>
|
|
326
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
313
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
327
314
|
<param pos="1" name="host.name"/>
|
|
328
315
|
<param pos="2" name="service.version"/>
|
|
329
316
|
<param pos="3" name="system.time"/>
|
|
330
317
|
</fingerprint>
|
|
331
|
-
<fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
332
|
-
<description>Exim without version string and with optional timestamp</description>
|
|
318
|
+
<fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
319
|
+
<description>Exim - without version string and with optional timestamp</description>
|
|
333
320
|
<example host.name="foo.bar">foo.bar ESMTP Exim</example>
|
|
334
321
|
<example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
|
|
322
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:31:32 -0500">foo.bar ESMTP Exim #1 Thu, 30 Nov 2017 05:31:32 -0500 </example>
|
|
335
323
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
336
324
|
<param pos="0" name="service.family" value="exim"/>
|
|
337
325
|
<param pos="0" name="service.product" value="exim"/>
|
|
338
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
326
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
339
327
|
<param pos="1" name="host.name"/>
|
|
340
328
|
<param pos="2" name="system.time"/>
|
|
341
329
|
</fingerprint>
|
|
342
330
|
<fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
|
343
|
-
<description>Exim without hostname</description>
|
|
331
|
+
<description>Exim - without hostname</description>
|
|
344
332
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
|
|
345
333
|
<example service.version="4.82"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
|
|
346
334
|
<example service.version="4.89"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
|
|
347
335
|
<param pos="0" name="service.vendor" value="exim"/>
|
|
348
336
|
<param pos="0" name="service.family" value="exim"/>
|
|
349
337
|
<param pos="0" name="service.product" value="exim"/>
|
|
350
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
338
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
351
339
|
<param pos="1" name="service.version"/>
|
|
352
340
|
<param pos="2" name="system.time"/>
|
|
353
341
|
</fingerprint>
|
|
354
342
|
<fingerprint pattern="^([^ ]+) FTGate server ready .*$">
|
|
355
|
-
<description>
|
|
356
|
-
FTGate mail server, runs on Windows 9x/NT/2k
|
|
357
|
-
http://www.ftgate.com
|
|
358
|
-
</description>
|
|
343
|
+
<description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
|
|
359
344
|
<example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
|
|
360
345
|
<param pos="0" name="service.vendor" value="Floosietek"/>
|
|
361
346
|
<param pos="0" name="service.family" value="FTGate"/>
|
|
362
347
|
<param pos="0" name="service.product" value="FTGate"/>
|
|
363
348
|
<param pos="1" name="host.name"/>
|
|
364
349
|
</fingerprint>
|
|
365
|
-
<fingerprint pattern="^(
|
|
366
|
-
<description>
|
|
367
|
-
TIS FWTK and derivatives
|
|
350
|
+
<fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
|
|
351
|
+
<description>TIS FWTK and derivatives
|
|
368
352
|
http://www.tis.com/research/software/
|
|
369
353
|
This fingerprint may be ambiguous because other firewalls (like
|
|
370
354
|
Gauntlet) are derived from TIS
|
|
371
355
|
</description>
|
|
356
|
+
<example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
|
|
372
357
|
<param pos="0" name="service.vendor" value="TIS"/>
|
|
373
358
|
<param pos="0" name="service.family" value="FWTK"/>
|
|
374
359
|
<param pos="0" name="service.product" value="FWTK"/>
|
|
360
|
+
<param pos="1" name="host.name"/>
|
|
375
361
|
</fingerprint>
|
|
376
362
|
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
|
377
|
-
<description>
|
|
378
|
-
Novell GroupWise Internet Agent versions 5 and higher
|
|
379
|
-
</description>
|
|
363
|
+
<description>Novell GroupWise Internet Agent - versions 5 and higher</description>
|
|
380
364
|
<example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
|
|
381
365
|
<param pos="0" name="service.vendor" value="Novell"/>
|
|
382
366
|
<param pos="0" name="service.family" value="GroupWise"/>
|
|
@@ -385,9 +369,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
385
369
|
<param pos="2" name="service.version"/>
|
|
386
370
|
</fingerprint>
|
|
387
371
|
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
|
|
388
|
-
<description>
|
|
389
|
-
Novell GroupWise Internet Agent versions 5 and higher, second variant
|
|
390
|
-
</description>
|
|
372
|
+
<description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
|
|
391
373
|
<example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
|
|
392
374
|
<example service.version="14.2.1">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
|
|
393
375
|
<param pos="0" name="service.vendor" value="Novell"/>
|
|
@@ -397,10 +379,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
397
379
|
<param pos="2" name="service.version"/>
|
|
398
380
|
</fingerprint>
|
|
399
381
|
<fingerprint pattern="^([^ ]+) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
|
400
|
-
<description>
|
|
401
|
-
|
|
402
|
-
example: 220 bates.at GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.
|
|
403
|
-
</description>
|
|
382
|
+
<description>Novell GroupWise - versions below 5</description>
|
|
383
|
+
<example host.name="foo.bar" service.version="4.1" service.version.version="3">foo.bar GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.</example>
|
|
404
384
|
<param pos="0" name="service.vendor" value="Novell"/>
|
|
405
385
|
<param pos="0" name="service.family" value="GroupWise"/>
|
|
406
386
|
<param pos="0" name="service.product" value="GroupWise"/>
|
|
@@ -408,35 +388,15 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
408
388
|
<param pos="2" name="service.version"/>
|
|
409
389
|
<param pos="3" name="service.version.version"/>
|
|
410
390
|
</fingerprint>
|
|
411
|
-
<fingerprint pattern="^([^ ]+) running IBM VM SMTP (.+) on (.+) *$">
|
|
412
|
-
<description>
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
http://mitvma.mit.edu/system/vm.html
|
|
417
|
-
example: 220 mail.foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT
|
|
418
|
-
example: 220 mail.foo.bar running IBM VM SMTP V2R4 on Mon, 10 Sep 2001 12:23:47 +0100
|
|
419
|
-
</description>
|
|
391
|
+
<fingerprint pattern="^([^ ]+) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
|
|
392
|
+
<description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
|
|
393
|
+
<example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
|
|
394
|
+
<example service.version="Level 3A0">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
|
|
395
|
+
<example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
|
|
420
396
|
<param pos="0" name="service.vendor" value="IBM"/>
|
|
421
397
|
<param pos="0" name="service.family" value="VM"/>
|
|
422
398
|
<param pos="0" name="service.product" value="VM"/>
|
|
423
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
424
|
-
<param pos="1" name="host.name"/>
|
|
425
|
-
<param pos="2" name="service.version"/>
|
|
426
|
-
<param pos="3" name="system.time"/>
|
|
427
|
-
</fingerprint>
|
|
428
|
-
<fingerprint pattern="^([^ ]+) running IBM VM SMTP (.+); (.+) *$">
|
|
429
|
-
<description>
|
|
430
|
-
IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.
|
|
431
|
-
http://www.vm.ibm.com
|
|
432
|
-
http://www-1.ibm.com/servers/eserver/zseries/
|
|
433
|
-
http://mitvma.mit.edu/system/vm.html
|
|
434
|
-
example: 220 mail.foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)
|
|
435
|
-
</description>
|
|
436
|
-
<param pos="0" name="service.vendor" value="IBM"/>
|
|
437
|
-
<param pos="0" name="service.family" value="VM"/>
|
|
438
|
-
<param pos="0" name="service.product" value="VM"/>
|
|
439
|
-
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
399
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
440
400
|
<param pos="1" name="host.name"/>
|
|
441
401
|
<param pos="2" name="service.version"/>
|
|
442
402
|
<param pos="3" name="system.time"/>
|
|
@@ -453,57 +413,60 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
453
413
|
<param pos="0" name="service.product" value="IntraStore"/>
|
|
454
414
|
<param pos="1" name="host.name"/>
|
|
455
415
|
</fingerprint>
|
|
456
|
-
<fingerprint pattern="^(\S+) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\
|
|
416
|
+
<fingerprint pattern="^(\S+) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
|
|
457
417
|
<description>JAMES SMTP Server</description>
|
|
458
|
-
<example host.name="
|
|
418
|
+
<example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
|
|
459
419
|
<param pos="0" name="service.vendor" value="Apache"/>
|
|
460
420
|
<param pos="0" name="service.product" value="James"/>
|
|
461
421
|
<param pos="2" name="service.version"/>
|
|
462
422
|
<param pos="1" name="host.name"/>
|
|
463
423
|
<param pos="3" name="system.time"/>
|
|
464
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
424
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
465
425
|
</fingerprint>
|
|
466
|
-
<fingerprint pattern="^(
|
|
467
|
-
<description>
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
<param pos="0" name="
|
|
472
|
-
<param pos="0" name="service.
|
|
473
|
-
<param pos="0" name="service.
|
|
474
|
-
<param pos="0" name="
|
|
426
|
+
<fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: ([\d.]+)$">
|
|
427
|
+
<description>MailEnable - Simple</description>
|
|
428
|
+
<example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
|
|
429
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
430
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
431
|
+
<param pos="0" name="os.product" value="Windows"/>
|
|
432
|
+
<param pos="0" name="service.vendor" value="MailEnable"/>
|
|
433
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
|
434
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
|
475
435
|
<param pos="1" name="host.name"/>
|
|
476
436
|
<param pos="2" name="service.version"/>
|
|
477
|
-
<param pos="3" name="system.time"/>
|
|
478
437
|
</fingerprint>
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
<
|
|
438
|
+
<!-- MailEnable has an odd, three version string. Not sure about the meaning the second and third version #s. -->
|
|
439
|
+
<fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
|
|
440
|
+
<description>MailEnable - Complex</description>
|
|
441
|
+
<example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
|
|
442
|
+
<example host.name="foo.bar" service.version="9.53">foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
|
|
443
|
+
<example host.name="foo.bar" service.version="9.00" system.time="11/30/17 09:30:34">foo.bar ESMTP MailEnable Service, Version: 9.00--9.00 ready at 11/30/17 09:30:34</example>
|
|
444
|
+
<example host.name="foo.bar" service.version="1.986" system.time="04/05/18 16:15:25">foo.bar ESMTP MailEnable Service, Version: 1.986-- denied access at 04/05/18 16:15:25</example>
|
|
445
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
446
|
+
<param pos="0" name="os.family" value="Windows"/>
|
|
447
|
+
<param pos="0" name="os.product" value="Windows"/>
|
|
482
448
|
<param pos="0" name="service.vendor" value="MailEnable"/>
|
|
483
|
-
<param pos="0" name="service.family" value="
|
|
484
|
-
<param pos="0" name="service.product" value="
|
|
449
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
|
450
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
|
485
451
|
<param pos="0" name="system.time.format" value="MM/dd/yy HH:mm:ss"/>
|
|
486
452
|
<param pos="1" name="host.name"/>
|
|
487
453
|
<param pos="2" name="service.version"/>
|
|
488
454
|
<param pos="3" name="system.time"/>
|
|
489
455
|
</fingerprint>
|
|
490
|
-
<fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d
|
|
491
|
-
<description>
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
</description>
|
|
456
|
+
<fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
|
|
457
|
+
<description>Mail Max</description>
|
|
458
|
+
<example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
|
|
459
|
+
<example host.name="foo.bar" service.version="3.073">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
|
|
495
460
|
<param pos="0" name="service.vendor" value="Mail-Max"/>
|
|
496
461
|
<param pos="0" name="service.family" value="Mail-Max"/>
|
|
497
462
|
<param pos="0" name="service.product" value="Mail-Max"/>
|
|
498
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
463
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
499
464
|
<param pos="1" name="host.name"/>
|
|
500
465
|
<param pos="2" name="service.version"/>
|
|
501
466
|
<param pos="3" name="system.time"/>
|
|
502
467
|
</fingerprint>
|
|
503
468
|
<fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
|
|
504
|
-
<description>
|
|
505
|
-
Rockliffe MailSite with version (http://www.rockliffe.com)
|
|
506
|
-
</description>
|
|
469
|
+
<description>Rockliffe MailSite - with version (http://www.rockliffe.com)</description>
|
|
507
470
|
<example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
|
|
508
471
|
<example host.name="foo.bar" service.version="2.1.7">foo.bar MailSite SMTP Receiver Version 2.1.7 Ready</example>
|
|
509
472
|
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
|
@@ -513,9 +476,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
513
476
|
<param pos="2" name="service.version"/>
|
|
514
477
|
</fingerprint>
|
|
515
478
|
<fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Ready *$">
|
|
516
|
-
<description>
|
|
517
|
-
Rockliffe MailSite without version (http://www.rockliffe.com)
|
|
518
|
-
</description>
|
|
479
|
+
<description>Rockliffe MailSite - without version (http://www.rockliffe.com)</description>
|
|
519
480
|
<example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
|
|
520
481
|
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
|
521
482
|
<param pos="0" name="service.family" value="MailSite"/>
|
|
@@ -523,9 +484,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
523
484
|
<param pos="1" name="host.name"/>
|
|
524
485
|
</fingerprint>
|
|
525
486
|
<fingerprint pattern="^ ?MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
|
|
526
|
-
<description>
|
|
527
|
-
Rockliffe MailSite without hostname(http://www.rockliffe.com)
|
|
528
|
-
</description>
|
|
487
|
+
<description>Rockliffe MailSite - without hostname (http://www.rockliffe.com)</description>
|
|
529
488
|
<example service.version="10.2.0.0"> MailSite ESMTP Receiver Version 10.2.0.0 Ready</example>
|
|
530
489
|
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
|
531
490
|
<param pos="0" name="service.family" value="MailSite"/>
|
|
@@ -533,10 +492,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
533
492
|
<param pos="1" name="service.version"/>
|
|
534
493
|
</fingerprint>
|
|
535
494
|
<fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
|
|
536
|
-
<description>
|
|
537
|
-
Content Security MAILsweeper for SMTP http://www.contenttechnologies.com/products/msw4smtp/default.asp
|
|
538
|
-
example: 220 infotech.at MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready
|
|
539
|
-
</description>
|
|
495
|
+
<description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
|
|
540
496
|
<example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
|
|
541
497
|
<param pos="0" name="service.vendor" value="Clearswift"/>
|
|
542
498
|
<param pos="0" name="service.family" value="MAILsweeper"/>
|
|
@@ -545,12 +501,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
545
501
|
<param pos="2" name="service.version"/>
|
|
546
502
|
</fingerprint>
|
|
547
503
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
|
|
548
|
-
<description>MDaemon mail server
|
|
504
|
+
<description>MDaemon mail server - with timestamp, unregistered</description>
|
|
549
505
|
<example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
|
|
550
506
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
551
507
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
552
508
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
553
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
509
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
554
510
|
<param pos="0" name="mdaemon.unregistered" value="yes"/>
|
|
555
511
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
556
512
|
<param pos="0" name="os.family" value="Windows"/>
|
|
@@ -562,12 +518,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
562
518
|
<param pos="3" name="system.time"/>
|
|
563
519
|
</fingerprint>
|
|
564
520
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
|
565
|
-
<description>MDaemon mail server
|
|
521
|
+
<description>MDaemon mail server - with timestamp</description>
|
|
566
522
|
<example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
|
|
567
523
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
568
524
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
569
525
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
570
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
526
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
571
527
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
572
528
|
<param pos="0" name="os.family" value="Windows"/>
|
|
573
529
|
<param pos="0" name="os.device" value="General"/>
|
|
@@ -578,7 +534,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
578
534
|
<param pos="3" name="system.time"/>
|
|
579
535
|
</fingerprint>
|
|
580
536
|
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
|
|
581
|
-
<description>MDaemon mail server
|
|
537
|
+
<description>MDaemon mail server - without timestamp</description>
|
|
582
538
|
<example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
|
|
583
539
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
584
540
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
@@ -592,9 +548,10 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
592
548
|
<param pos="2" name="service.version"/>
|
|
593
549
|
</fingerprint>
|
|
594
550
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
|
|
595
|
-
<description>MDaemon mail server
|
|
551
|
+
<description>MDaemon mail server - with version revision</description>
|
|
596
552
|
<example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
|
|
597
553
|
<example service.version="3.0.3" service.version.version="R">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
|
|
554
|
+
<example service.version="2.8.7.0" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
|
|
598
555
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
599
556
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
600
557
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
@@ -607,49 +564,10 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
607
564
|
<param pos="2" name="service.version"/>
|
|
608
565
|
<param pos="3" name="service.version.version"/>
|
|
609
566
|
</fingerprint>
|
|
610
|
-
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([
|
|
611
|
-
<description>
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
</description>
|
|
615
|
-
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
616
|
-
<param pos="0" name="service.family" value="MDaemon"/>
|
|
617
|
-
<param pos="0" name="service.product" value="MDaemon"/>
|
|
618
|
-
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
619
|
-
<param pos="0" name="os.family" value="Windows"/>
|
|
620
|
-
<param pos="0" name="os.device" value="General"/>
|
|
621
|
-
<param pos="0" name="os.product" value="Windows"/>
|
|
622
|
-
<param pos="0" name="os.arch" value="x86"/>
|
|
623
|
-
<param pos="1" name="host.name"/>
|
|
624
|
-
<param pos="2" name="service.version"/>
|
|
625
|
-
<param pos="3" name="service.version.version"/>
|
|
626
|
-
<param pos="4" name="service.version.version.version"/>
|
|
627
|
-
</fingerprint>
|
|
628
|
-
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+)\.([^ ]+)\.([^ ]+)\.([^ ]+) ([^ ]+) *$">
|
|
629
|
-
<description>
|
|
630
|
-
MDaemon mail server
|
|
631
|
-
220 foo.bar.com ESMTP service ready [1] MDaemon v2.8.7.0 R
|
|
632
|
-
</description>
|
|
633
|
-
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
634
|
-
<param pos="0" name="service.family" value="MDaemon"/>
|
|
635
|
-
<param pos="0" name="service.product" value="MDaemon"/>
|
|
636
|
-
<param pos="0" name="os.vendor" value="Microsoft"/>
|
|
637
|
-
<param pos="0" name="os.family" value="Windows"/>
|
|
638
|
-
<param pos="0" name="os.device" value="General"/>
|
|
639
|
-
<param pos="0" name="os.product" value="Windows"/>
|
|
640
|
-
<param pos="0" name="os.arch" value="x86"/>
|
|
641
|
-
<param pos="1" name="host.name"/>
|
|
642
|
-
<param pos="2" name="service.version"/>
|
|
643
|
-
<param pos="3" name="service.version.version"/>
|
|
644
|
-
<param pos="4" name="service.version.version.version"/>
|
|
645
|
-
<param pos="5" name="service.version.version.version.version"/>
|
|
646
|
-
<param pos="6" name="service.version.version.version.version.version"/>
|
|
647
|
-
</fingerprint>
|
|
648
|
-
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
|
649
|
-
<description>
|
|
650
|
-
MDaemon mail server
|
|
651
|
-
220 foo.bar.com ESMTP service ready [2] (MDaemon v2.7 SP4 R)
|
|
652
|
-
</description>
|
|
567
|
+
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
|
|
568
|
+
<description>MDaemon mail server - with service pack</description>
|
|
569
|
+
<example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
|
|
570
|
+
<example service.version="2.7" service.version.version="SP4" service.version.version.version="R">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
|
|
653
571
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
654
572
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
655
573
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
@@ -664,10 +582,8 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
664
582
|
<param pos="4" name="service.version.version.version"/>
|
|
665
583
|
</fingerprint>
|
|
666
584
|
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
|
667
|
-
<description>
|
|
668
|
-
|
|
669
|
-
220 foo.bar.com ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)
|
|
670
|
-
</description>
|
|
585
|
+
<description>MDaemon mail server</description>
|
|
586
|
+
<example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
|
|
671
587
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
|
672
588
|
<param pos="0" name="service.family" value="MDaemon"/>
|
|
673
589
|
<param pos="0" name="service.product" value="MDaemon"/>
|
|
@@ -683,42 +599,26 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
683
599
|
<param pos="5" name="service.version.version.version.version"/>
|
|
684
600
|
</fingerprint>
|
|
685
601
|
<!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
|
|
686
|
-
<fingerprint pattern="^([^ ]+) +
|
|
687
|
-
<description>
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
602
|
+
<fingerprint pattern="^([^ ]+) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
|
603
|
+
<description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
|
|
604
|
+
<example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
|
|
605
|
+
<example host.name="foo.bar" service.version="8.0.3">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
|
|
606
|
+
<example host.name="foo.bar" service.version="2.10.284">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
|
|
691
607
|
<param pos="0" name="service.vendor" value="Merak"/>
|
|
692
608
|
<param pos="0" name="service.family" value="Mail Server"/>
|
|
693
609
|
<param pos="0" name="service.product" value="Mail Server"/>
|
|
694
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
610
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
695
611
|
<param pos="1" name="host.name"/>
|
|
696
612
|
<param pos="2" name="service.version"/>
|
|
697
613
|
<param pos="3" name="system.time"/>
|
|
698
614
|
</fingerprint>
|
|
699
615
|
<fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
|
|
700
|
-
<description>
|
|
701
|
-
|
|
702
|
-
http://www.atrium-software.com/pub/support_e.cfm
|
|
703
|
-
example: 220 MERCUR SMTP-Server (v3.20.01 KA-0098304) for Windows NT ready at Tue, 6 Feb 2001 21:38:26 +0100
|
|
704
|
-
example: 220 MERCUR SMTP-Server (v3.20.01 KA-0098304) for Windows NT ready at Tue, 6 Feb 2001 21:38:26 +0100
|
|
705
|
-
example: 220 MERCUR SMTP-Server (v3.10.18 KA-0098307) for Windows NT ready at Tue, 6 Feb 2001 18:44:03 +0100
|
|
706
|
-
example: 220 MERCUR SMTP-Server (v3.10.18 KA-0098316) for Windows NT ready at Tue, 6 Feb 2001 15:01:51 +0100
|
|
707
|
-
example: 220 MERCUR SMTP-Server (v3.30.03 KA-0098319) for Windows NT ready at Tue, 6 Feb 2001 19:06:18 +0100
|
|
708
|
-
example: 220 MERCUR SMTP-Server (v3.30.03 KA-5341199) for Windows NT ready at Tue, 6 Feb 2001 18:47:09 +0100
|
|
709
|
-
example: 220 MERCUR SMTP-Server (v3.20.01 AS-0098307) for Windows NT ready at Tue, 6 Feb 2001 15:13:14 +0100
|
|
710
|
-
example: 220 MERCUR SMTP-Server (v3.20.01 AS-0098309) for Windows NT ready at Tue, 6 Feb 2001 16:11:42 +0100
|
|
711
|
-
example: 220 MERCUR SMTP-Server (v3.10.16 AS-7962628) for Windows 95 ready at Tue, 6 Feb 2001 16:37:38 +0100
|
|
712
|
-
example: 220 MERCUR SMTP-Server (v3.10.18 AS-5341186) for Windows NT ready at Tue, 6 Feb 2001 19:27:24 +0100
|
|
713
|
-
example: 220 MERCUR SMTP-Server (v3.30.03 CO-0098319) for Windows NT ready at Tue, 6 Feb 2001 20:45:01 +0100
|
|
714
|
-
example: 220 MERCUR SMTP-Server (v3.30.01 NR-7864330) for Windows NT ready at Tue, 6 Feb 2001 21:31:18 +0100
|
|
715
|
-
example: 220 MERCUR SMTP-Server (v3.30.03 DG-0098304) for Windows NT ready at Tue, 6 Feb 2001 22:52:50 +0100
|
|
716
|
-
example: 220 MERCUR SMTP-Server (v3.20.01 SY-0098318) for Windows NT ready at Tue, 6 Feb 2001 23:26:22 +0100
|
|
717
|
-
</description>
|
|
616
|
+
<description>Atrium's MERCUR SMTP server (http://www.atrium-software.com/pub/support_e.cfm)</description>
|
|
617
|
+
<example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
|
|
718
618
|
<param pos="0" name="service.vendor" value="Atrium Software"/>
|
|
719
619
|
<param pos="0" name="service.family" value="MERCUR"/>
|
|
720
620
|
<param pos="0" name="service.product" value="MERCUR"/>
|
|
721
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
621
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
722
622
|
<param pos="1" name="service.version"/>
|
|
723
623
|
<param pos="2" name="service.version.version"/>
|
|
724
624
|
<param pos="3" name="service.version.version.version"/>
|
|
@@ -726,9 +626,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
726
626
|
<param pos="5" name="system.time"/>
|
|
727
627
|
</fingerprint>
|
|
728
628
|
<fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
|
|
729
|
-
<description>
|
|
730
|
-
Mercury NLM for Netware ( http://www.pmail.com/index.cfm )
|
|
731
|
-
</description>
|
|
629
|
+
<description>Mercury NLM for Netware ( http://www.pmail.com/index.cfm )</description>
|
|
732
630
|
<example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
|
|
733
631
|
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
|
734
632
|
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
|
@@ -740,9 +638,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
740
638
|
<param pos="2" name="service.version"/>
|
|
741
639
|
</fingerprint>
|
|
742
640
|
<fingerprint pattern="^^([^ ]+) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
|
|
743
|
-
<description>
|
|
744
|
-
Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )
|
|
745
|
-
</description>
|
|
641
|
+
<description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
|
|
746
642
|
<example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
|
|
747
643
|
<example service.version="3.30">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
|
|
748
644
|
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
|
@@ -755,25 +651,19 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
755
651
|
<param pos="2" name="service.version"/>
|
|
756
652
|
</fingerprint>
|
|
757
653
|
<fingerprint pattern="^([^ ]+) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
|
|
758
|
-
<description>
|
|
759
|
-
|
|
760
|
-
(note the product changed its name from "Norton Antivirus for Internet Email Gateways" (NAVIEG) to
|
|
761
|
-
"Norton Antivirus for Gateways" (NAVGW) as of version 2.1
|
|
762
|
-
example: mailman.laughlin.af.mil SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com
|
|
763
|
-
</description>
|
|
654
|
+
<description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
|
|
655
|
+
<example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
|
|
764
656
|
<param pos="0" name="service.vendor" value="Norton"/>
|
|
765
657
|
<param pos="0" name="service.family" value="Antivirus for Gateways"/>
|
|
766
658
|
<param pos="0" name="service.product" value="Antivirus for Gateways"/>
|
|
767
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
659
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
768
660
|
<param pos="1" name="host.name"/>
|
|
769
661
|
<param pos="2" name="service.version"/>
|
|
770
662
|
<param pos="3" name="system.time"/>
|
|
771
663
|
</fingerprint>
|
|
772
664
|
<fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
|
|
773
|
-
<description>
|
|
774
|
-
|
|
775
|
-
example: 220 mail.iasmail.net ESMTP service (Netscape Messaging Server 4.15 Patch 2 (built May 30 2000))
|
|
776
|
-
</description>
|
|
665
|
+
<description>Netscape Messaging Server - with patch number</description>
|
|
666
|
+
<example host.name="foo.bar" service.version="4.15" service.version.version="7">foo.bar ESMTP service (Netscape Messaging Server 4.15 Patch 7 (built Sep 12 2001))</example>
|
|
777
667
|
<param pos="0" name="service.vendor" value="Netscape"/>
|
|
778
668
|
<param pos="0" name="service.family" value="Messaging Server"/>
|
|
779
669
|
<param pos="0" name="service.product" value="Messaging Server"/>
|
|
@@ -781,75 +671,64 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
781
671
|
<param pos="2" name="service.version"/>
|
|
782
672
|
<param pos="3" name="service.version.version"/>
|
|
783
673
|
</fingerprint>
|
|
784
|
-
<fingerprint pattern="^([^ ]+) ESMTP
|
|
785
|
-
<description>
|
|
786
|
-
|
|
787
|
-
</description>
|
|
674
|
+
<fingerprint pattern="^([^ ]+) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
|
|
675
|
+
<description>Netscape Messaging Server - w/o patch number</description>
|
|
676
|
+
<example host.name="foo.bar" service.version="3.6" system.time="Thu, 30 Nov 2017 04:19:10 -0500">foo.bar ESMTP server (Netscape Messaging Server - Version 3.6) ready Thu, 30 Nov 2017 04:19:10 -0500</example>
|
|
788
677
|
<param pos="0" name="service.vendor" value="Netscape"/>
|
|
789
678
|
<param pos="0" name="service.family" value="Messaging Server"/>
|
|
790
679
|
<param pos="0" name="service.product" value="Messaging Server"/>
|
|
791
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
680
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
792
681
|
<param pos="1" name="host.name"/>
|
|
793
682
|
<param pos="2" name="service.version"/>
|
|
794
683
|
<param pos="3" name="system.time"/>
|
|
795
684
|
</fingerprint>
|
|
796
685
|
<fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
|
|
797
|
-
<description>
|
|
798
|
-
|
|
799
|
-
</description>
|
|
686
|
+
<description>Lotus Notes 4 SMTP MTA</description>
|
|
687
|
+
<example host.name="foo.bar">foo.bar Lotus SMTP MTA Service Ready</example>
|
|
800
688
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
801
689
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
802
690
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
803
691
|
<param pos="0" name="service.version" value="4"/>
|
|
804
692
|
<param pos="1" name="host.name"/>
|
|
805
693
|
</fingerprint>
|
|
806
|
-
|
|
694
|
+
<!-- Branding is muddy here, IBM bought Lotus in 1995, server product wasn't
|
|
695
|
+
named Domino until Dec 1996 w/ v 4.5. Seems to have started being
|
|
696
|
+
called IBM Domino as of v9.0 on product and in banners.
|
|
697
|
+
-->
|
|
698
|
+
<fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
|
|
807
699
|
<description>Lotus Domino SMTP MTA</description>
|
|
808
|
-
<example service.version="5
|
|
809
|
-
<example service.version="5.
|
|
810
|
-
|
|
700
|
+
<example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
|
|
701
|
+
<example service.version="8.5.3FP6 HF1944">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
|
|
702
|
+
<example service.version="8.0.2 FP1 HF82">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
|
|
703
|
+
<example service.version="5.0.13a"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
|
|
704
|
+
<example service.version="7.0.4">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
|
|
811
705
|
<example service.version="8.0.2FP2">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
|
|
812
706
|
<example service.version="8.5.3">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
|
|
813
|
-
<
|
|
814
|
-
<
|
|
815
|
-
<param pos="0" name="service.
|
|
816
|
-
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
817
|
-
<param pos="1" name="host.name"/>
|
|
818
|
-
<param pos="2" name="service.version"/>
|
|
819
|
-
<param pos="3" name="system.time"/>
|
|
820
|
-
</fingerprint>
|
|
821
|
-
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\w+)\) ready at (.+) *$">
|
|
822
|
-
<description>
|
|
823
|
-
Lotus Domino 5 SMTP MTA
|
|
824
|
-
example: 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0a) ready at Wed, 20 Jun 2001 08:59:17 +0200
|
|
825
|
-
</description>
|
|
826
|
-
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
707
|
+
<example service.version="7.0"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
|
|
708
|
+
<example host.name="foo.bar" service.version="5.0.1">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
|
|
709
|
+
<param pos="0" name="service.vendor" value="IBM"/>
|
|
827
710
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
828
711
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
829
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
712
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
830
713
|
<param pos="1" name="host.name"/>
|
|
831
714
|
<param pos="2" name="service.version"/>
|
|
832
715
|
<param pos="3" name="system.time"/>
|
|
833
716
|
</fingerprint>
|
|
834
|
-
<fingerprint pattern="^([^ ]+) ESMTP Service \(
|
|
835
|
-
<description>
|
|
836
|
-
|
|
837
|
-
|
|
838
|
-
|
|
839
|
-
<param pos="0" name="service.vendor" value="
|
|
840
|
-
<param pos="0" name="service.family" value="
|
|
841
|
-
<param pos="0" name="service.product" value="
|
|
842
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
843
|
-
<param pos="0" name="notes.intl" value="yes"/>
|
|
717
|
+
<fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
|
|
718
|
+
<description>IBM Domino SMTP MTA</description>
|
|
719
|
+
<example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
|
|
720
|
+
<example host.name="foo.bar" service.version="9.0.1"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
|
|
721
|
+
<example service.version="9.0.1FP8"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
|
|
722
|
+
<param pos="0" name="service.vendor" value="IBM"/>
|
|
723
|
+
<param pos="0" name="service.family" value="IBM Domino"/>
|
|
724
|
+
<param pos="0" name="service.product" value="IBM Domino"/>
|
|
725
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
844
726
|
<param pos="1" name="host.name"/>
|
|
845
727
|
<param pos="2" name="service.version"/>
|
|
846
728
|
<param pos="3" name="system.time"/>
|
|
847
729
|
</fingerprint>
|
|
848
730
|
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
|
|
849
|
-
<description>
|
|
850
|
-
Lotus Domino (some early build)
|
|
851
|
-
220 foo.bar.com ESMTP Service (Lotus Domino Build 166.1) ready at Tue, 6 Feb 2001 2
|
|
852
|
-
</description>
|
|
731
|
+
<description>Lotus Domino (some early build)</description>
|
|
853
732
|
<example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
|
|
854
733
|
<example notes.build.version="V85_M2_08202008">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
|
|
855
734
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
@@ -860,23 +739,18 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
860
739
|
<param pos="3" name="system.time"/>
|
|
861
740
|
</fingerprint>
|
|
862
741
|
<fingerprint pattern="^Lotus Notes ESMTP Server X[^ ]+\.[^ ]+ on (.+) ready at (.+)\. *$">
|
|
863
|
-
<description>
|
|
864
|
-
|
|
865
|
-
220 Lotus Notes ESMTP Server X1.0 on RedSox R45 Server/Red Sox/US ready at Fri, 15 Feb 2002 09:46:19 -0800.
|
|
866
|
-
</description>
|
|
742
|
+
<description>Lotus Notes 4.x with SMTP MTA add-on</description>
|
|
743
|
+
<example host.name="FooBar R45 Server/Foo Bar/US" system.time="Fri, 15 Feb 2002 09:46:19 -0800">Lotus Notes ESMTP Server X1.0 on FooBar R45 Server/Foo Bar/US ready at Fri, 15 Feb 2002 09:46:19 -0800.</example>
|
|
867
744
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
|
868
745
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
|
869
746
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
|
870
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
747
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
871
748
|
<param pos="1" name="host.name"/>
|
|
872
749
|
<param pos="2" name="system.time"/>
|
|
873
750
|
</fingerprint>
|
|
874
751
|
<fingerprint pattern="^([^ ]+) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
|
|
875
|
-
<description>
|
|
876
|
-
|
|
877
|
-
example: 220 lilzmail.liwest.at NTMail (v4.30.0012/NU2182.02.1cf87970) ready for ESMTP transfer
|
|
878
|
-
example: 220 pluto.wvwc.edu NTMail (v5.06.0016/NT9445.00.28cc9615) ready for ESMTP transfer
|
|
879
|
-
</description>
|
|
752
|
+
<description>NTMail (http://www.gordano.com)</description>
|
|
753
|
+
<example host.name="foo.bar" service.version="7.02.3037" ntmail.id="NU1319.01.5b000000">foo.bar NTMail (v7.02.3037/NU1319.01.5b000000) ready for ESMTP transfer </example>
|
|
880
754
|
<param pos="0" name="service.vendor" value="Gordano"/>
|
|
881
755
|
<param pos="0" name="service.family" value="NTMail"/>
|
|
882
756
|
<param pos="0" name="service.product" value="NTMail"/>
|
|
@@ -885,20 +759,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
885
759
|
<param pos="3" name="ntmail.id"/>
|
|
886
760
|
</fingerprint>
|
|
887
761
|
<fingerprint pattern="^([^ ]+) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
|
|
888
|
-
<description>
|
|
889
|
-
|
|
890
|
-
example: 220 mail.Networkengineering WindowsNT SMTP Server v3.03.0018/1.aio1/SP ESMTP ready at Wed, 25 Jul 2001 23:03:11 -0400
|
|
891
|
-
example: 220 mars.wvwc.edu WindowsNT SMTP Server v3.03.0018/1.ajhf/SP ESMTP ready at Thu, 29 Oct 1998 18:01:30 -0500
|
|
892
|
-
example: 220 mail.someisp.net WindowsNT SMTP Server v3.03.0017/1.aihl/SP ESMTP ready at Sun, 6 Jun 1999 10:39:30 -0400
|
|
893
|
-
example: 220 nt03s02.switchlink.be WindowsNT SMTP Server v3.03.0014/1.aiss/SP ESMTP ready at Fri, 17 Apr 1998 16:59:04 +0100
|
|
894
|
-
example: 220 www.afsc.org WindowsNT SMTP Server v3.03.0017/1.abkz/SP ESMTP ready at Mon, 2 Oct 2000 11:50:29 -0400
|
|
895
|
-
example: 220 wwmerchant.osopinion.com WindowsNT SMTP Server v3.03.0017/4c.adur/SP ESMTP ready at Fri, 26 Mar 1999 13:20:30 -0700
|
|
896
|
-
example: 220 digital-hoon.tecdm.dmi.co.kr WindowsNT SMTP Server v3.02.07/2c.aaaj ready at Thu, 5 Dec 1996 22:46:12 +0000
|
|
897
|
-
</description>
|
|
762
|
+
<description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
|
|
763
|
+
<example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
|
|
898
764
|
<param pos="0" name="service.vendor" value="Gordano"/>
|
|
899
765
|
<param pos="0" name="service.family" value="NTMail"/>
|
|
900
766
|
<param pos="0" name="service.product" value="NTMail"/>
|
|
901
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
767
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
902
768
|
<param pos="1" name="host.name"/>
|
|
903
769
|
<param pos="2" name="service.version"/>
|
|
904
770
|
<param pos="3" name="ntmail.id"/>
|
|
@@ -906,10 +772,10 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
906
772
|
</fingerprint>
|
|
907
773
|
<fingerprint pattern="^(\S+)(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
|
|
908
774
|
<description>Some unknown mail server on OpenVMS</description>
|
|
909
|
-
<example host.name="
|
|
910
|
-
<example host.name="
|
|
911
|
-
<example host.name="
|
|
912
|
-
<example host.name="
|
|
775
|
+
<example host.name="foo.bar" os.arch="IA64" os.version="8.4">foo.bar V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
|
|
776
|
+
<example host.name="foo.bar" os.arch="Alpha" os.version="7.3-2">foo.bar V5.4-15E, OpenVMS V7.3-2 Alpha ready at Wed, 20 May 2015 01:22:18 +0100 (BST)</example>
|
|
777
|
+
<example host.name="foo.bar" os.arch="VAX" os.version="6.2">foo.bar UCX V4.2-21I, OpenVMS V6.2 VAX ready at Wed, 20 May 2015 01:15:16 GMT</example>
|
|
778
|
+
<example host.name="foo.bar" os.arch="Alpha" os.version="6.2-1H3">foo.bar UCX V4.2-21I, OpenVMS V6.2-1H3 Alpha ready at Wed, 20 May 2015 00:55:37 GMT</example>
|
|
913
779
|
<param pos="1" name="host.name"/>
|
|
914
780
|
<param pos="0" name="os.vendor" value="HP"/>
|
|
915
781
|
<param pos="0" name="os.family" value="OpenVMS"/>
|
|
@@ -918,20 +784,19 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
918
784
|
<param pos="2" name="os.version"/>
|
|
919
785
|
<param pos="3" name="os.arch"/>
|
|
920
786
|
</fingerprint>
|
|
921
|
-
<fingerprint pattern="^(\S+) E?SMTP PMailServer(?: \[Free Edition\]) ([\d\.]+); (\
|
|
787
|
+
<fingerprint pattern="^(\S+) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
|
|
922
788
|
<description>A.K.I PMail</description>
|
|
923
|
-
<example host.name="
|
|
789
|
+
<example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
|
|
790
|
+
<example host.name="foo.bar" service.version="1.78">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
|
|
924
791
|
<param pos="0" name="service.vendor" value="A.K.I Software"/>
|
|
925
792
|
<param pos="0" name="service.product" value="PMail Server"/>
|
|
926
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
793
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss"/>
|
|
927
794
|
<param pos="1" name="host.name"/>
|
|
928
795
|
<param pos="2" name="service.version"/>
|
|
929
796
|
<param pos="3" name="system.time"/>
|
|
930
797
|
</fingerprint>
|
|
931
798
|
<fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
|
|
932
|
-
<description>
|
|
933
|
-
Postfix (2 version ids, followed by os)
|
|
934
|
-
</description>
|
|
799
|
+
<description>Postfix - version + build, followed by os</description>
|
|
935
800
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
936
801
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
937
802
|
<param pos="1" name="host.name"/>
|
|
@@ -939,20 +804,17 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
939
804
|
<param pos="3" name="service.version.version"/>
|
|
940
805
|
<param pos="4" name="postfix.os.info"/>
|
|
941
806
|
</fingerprint>
|
|
942
|
-
<fingerprint pattern="^([^ ]+) ESMTP Postfix \(
|
|
943
|
-
<description>
|
|
944
|
-
|
|
945
|
-
|
|
807
|
+
<fingerprint pattern="^([^ ]+) ESMTP Postfix \(?([\d.]+)\)?$">
|
|
808
|
+
<description>Postfix - Std semantic versioning, w/ optional parens</description>
|
|
809
|
+
<example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
|
|
810
|
+
<example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
|
|
946
811
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
947
812
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
948
813
|
<param pos="1" name="host.name"/>
|
|
949
814
|
<param pos="2" name="service.version"/>
|
|
950
|
-
<param pos="3" name="service.version.version"/>
|
|
951
815
|
</fingerprint>
|
|
952
|
-
<fingerprint pattern="^([^ ]+) ESMTP Postfix \(([\d.]+)-([^ ]+)\)$">
|
|
953
|
-
<description>
|
|
954
|
-
Postfix (2 version numbers )
|
|
955
|
-
</description>
|
|
816
|
+
<fingerprint pattern="^([^ ]+) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
|
|
817
|
+
<description>Postfix - version + build</description>
|
|
956
818
|
<example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
|
|
957
819
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
958
820
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
@@ -960,21 +822,21 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
960
822
|
<param pos="2" name="service.version"/>
|
|
961
823
|
<param pos="3" name="service.version.version"/>
|
|
962
824
|
</fingerprint>
|
|
963
|
-
<fingerprint pattern="^([^ ]+)
|
|
964
|
-
<description>
|
|
965
|
-
|
|
966
|
-
</description>
|
|
825
|
+
<fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Ubuntu\)$">
|
|
826
|
+
<description>Postfix - Ubuntu</description>
|
|
827
|
+
<example>foo.bar ESMTP Postfix (Ubuntu)</example>
|
|
967
828
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
968
829
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
969
830
|
<param pos="1" name="host.name"/>
|
|
970
|
-
<param pos="
|
|
971
|
-
<param pos="
|
|
831
|
+
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
832
|
+
<param pos="0" name="os.device" value="General"/>
|
|
833
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
834
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
972
835
|
</fingerprint>
|
|
973
|
-
<fingerprint pattern="^([^ ]+)
|
|
974
|
-
<description>
|
|
975
|
-
|
|
976
|
-
|
|
977
|
-
<example>foo.bar.com ESMTP Postfix (Ubuntu)</example>
|
|
836
|
+
<fingerprint pattern="^([^ ]+)(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
|
|
837
|
+
<description>Postfix - Ubuntu, Mail-in-a-Box package</description>
|
|
838
|
+
<example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
|
839
|
+
<example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
|
978
840
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
979
841
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
980
842
|
<param pos="1" name="host.name"/>
|
|
@@ -983,11 +845,9 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
983
845
|
<param pos="0" name="os.family" value="Linux"/>
|
|
984
846
|
<param pos="0" name="os.product" value="Linux"/>
|
|
985
847
|
</fingerprint>
|
|
986
|
-
<fingerprint pattern="^([^ ]+) E?SMTP Postfix \(Debian/GNU\)$">
|
|
987
|
-
<description>
|
|
988
|
-
|
|
989
|
-
</description>
|
|
990
|
-
<example>foo.bar.com ESMTP Postfix (Debian/GNU)</example>
|
|
848
|
+
<fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Debian/GNU\)$">
|
|
849
|
+
<description>Postfix - Debian</description>
|
|
850
|
+
<example>foo.bar ESMTP Postfix (Debian/GNU)</example>
|
|
991
851
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
992
852
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
993
853
|
<param pos="1" name="host.name"/>
|
|
@@ -997,50 +857,40 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
997
857
|
<param pos="0" name="os.product" value="Linux"/>
|
|
998
858
|
</fingerprint>
|
|
999
859
|
<fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
|
|
1000
|
-
<description>
|
|
1001
|
-
|
|
1002
|
-
</description>
|
|
1003
|
-
<example>foo.bar.com ESMTP Postfix (lol)</example>
|
|
860
|
+
<description>Postfix - generic banner with amusing comments in parentheses</description>
|
|
861
|
+
<example>foo.bar ESMTP Postfix (lol)</example>
|
|
1004
862
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
1005
863
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
1006
864
|
<param pos="1" name="host.name"/>
|
|
1007
865
|
</fingerprint>
|
|
1008
|
-
<fingerprint pattern="^([^ ]+)
|
|
1009
|
-
<description>
|
|
1010
|
-
|
|
1011
|
-
|
|
1012
|
-
<example>foo.bar.com ESMTP Postfix</example>
|
|
866
|
+
<fingerprint pattern="^(?i)([^ ]+) +E?SMTP.* Postfix *$">
|
|
867
|
+
<description>Postfix - generic banner</description>
|
|
868
|
+
<example>foo.bar ESMTP Postfix</example>
|
|
869
|
+
<example>foo.bar SMTP Postfix</example>
|
|
1013
870
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
1014
871
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
1015
872
|
<param pos="1" name="host.name"/>
|
|
1016
873
|
</fingerprint>
|
|
1017
|
-
<fingerprint pattern="^ESMTP Postfix$">
|
|
1018
|
-
<description>Postfix banner without hostname or version</description>
|
|
874
|
+
<fingerprint pattern="^ *ESMTP Postfix$">
|
|
875
|
+
<description>Postfix - banner without hostname or version</description>
|
|
1019
876
|
<example>ESMTP Postfix</example>
|
|
1020
877
|
<param pos="0" name="service.family" value="Postfix"/>
|
|
1021
878
|
<param pos="0" name="service.product" value="Postfix"/>
|
|
1022
879
|
</fingerprint>
|
|
1023
|
-
<fingerprint pattern="^(
|
|
1024
|
-
<description>
|
|
1025
|
-
|
|
1026
|
-
|
|
1027
|
-
<
|
|
1028
|
-
<param pos="0" name="service.family" value="Post.Office"/>
|
|
1029
|
-
<param pos="0" name="service.product" value="Post.Office"/>
|
|
1030
|
-
<param pos="2" name="service.version"/>
|
|
1031
|
-
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
880
|
+
<fingerprint pattern="^(?i)((?!ESMTP)[^ ]+) POSTFIX$">
|
|
881
|
+
<description>Postfix - generic w/o ESMTP</description>
|
|
882
|
+
<example host.name="foo.bar">foo.bar Postfix</example>
|
|
883
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
|
884
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
|
1032
885
|
<param pos="1" name="host.name"/>
|
|
1033
|
-
<param pos="3" name="postoffice.build"/>
|
|
1034
|
-
<param pos="4" name="postoffice.id"/>
|
|
1035
|
-
<param pos="5" name="system.time"/>
|
|
1036
886
|
</fingerprint>
|
|
1037
|
-
<fingerprint pattern="^([^ ]+) ESMTP server \(P
|
|
1038
|
-
<description>
|
|
1039
|
-
|
|
1040
|
-
|
|
887
|
+
<fingerprint pattern="^([^ ]+) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
|
|
888
|
+
<description>Post.Office</description>
|
|
889
|
+
<example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
|
|
890
|
+
<example host.name="foo.bar" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">foo.bar ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>
|
|
1041
891
|
<param pos="0" name="service.family" value="Post.Office"/>
|
|
1042
892
|
<param pos="0" name="service.product" value="Post.Office"/>
|
|
1043
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
893
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1044
894
|
<param pos="1" name="host.name"/>
|
|
1045
895
|
<param pos="2" name="service.version"/>
|
|
1046
896
|
<param pos="3" name="postoffice.build"/>
|
|
@@ -1048,44 +898,44 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1048
898
|
<param pos="5" name="system.time"/>
|
|
1049
899
|
</fingerprint>
|
|
1050
900
|
<fingerprint pattern="^([^ ]+) Generic SMTP handler *$">
|
|
1051
|
-
<description>
|
|
1052
|
-
|
|
1053
|
-
example: 220 foo.bar.com Generic SMTP handler
|
|
1054
|
-
</description>
|
|
901
|
+
<description>Raptor Firewall (low confidence)</description>
|
|
902
|
+
<example host.name="foo.bar">foo.bar Generic SMTP handler</example>
|
|
1055
903
|
<param pos="0" name="service.product" value="raptor"/>
|
|
1056
904
|
<param pos="1" name="host.name"/>
|
|
1057
905
|
</fingerprint>
|
|
1058
906
|
<fingerprint pattern="^(\S+) SAP (\S+) E?SMTP service ready$">
|
|
1059
907
|
<description>SAP SMTP Server</description>
|
|
1060
|
-
<example host.name="
|
|
908
|
+
<example host.name="foo.bar" service.version="8.04(53)">foo.bar SAP 8.04(53) ESMTP service ready</example>
|
|
1061
909
|
<param pos="0" name="service.vendor" value="SAP"/>
|
|
1062
910
|
<param pos="0" name="service.product" value="SMTP"/>
|
|
1063
911
|
<param pos="2" name="service.version"/>
|
|
1064
912
|
<param pos="1" name="host.name"/>
|
|
1065
913
|
</fingerprint>
|
|
914
|
+
<fingerprint pattern="^Sendmail ESMTP ready$">
|
|
915
|
+
<description>Sendmail - short banner w/o hostname, version, platform, or date.</description>
|
|
916
|
+
<example>Sendmail ESMTP ready</example>
|
|
917
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
|
918
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
|
919
|
+
</fingerprint>
|
|
1066
920
|
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
|
|
1067
|
-
<description>
|
|
1068
|
-
|
|
1069
|
-
</description>
|
|
1070
|
-
<example>foo.bar.com ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
|
|
921
|
+
<description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
|
|
922
|
+
<example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
|
|
1071
923
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1072
924
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1073
925
|
<param pos="0" name="os.vendor" value="HP"/>
|
|
1074
926
|
<param pos="0" name="os.family" value="HP-UX"/>
|
|
1075
927
|
<param pos="0" name="os.device" value="General"/>
|
|
1076
928
|
<param pos="0" name="os.product" value="HP-UX"/>
|
|
1077
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
929
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1078
930
|
<param pos="1" name="host.name"/>
|
|
1079
931
|
<param pos="2" name="service.version"/>
|
|
1080
932
|
<param pos="3" name="sendmail.hpux.phne.version"/>
|
|
1081
933
|
<param pos="4" name="sendmail.config.version"/>
|
|
1082
934
|
<param pos="5" name="system.time"/>
|
|
1083
935
|
</fingerprint>
|
|
1084
|
-
<fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\
|
|
1085
|
-
<description>
|
|
1086
|
-
|
|
1087
|
-
</description>
|
|
1088
|
-
<example host.name="example.com" os.version="11.31" service.version="8.13.3">example.com ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
|
|
936
|
+
<fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
|
|
937
|
+
<description>Sendmail - HP-UX</description>
|
|
938
|
+
<example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
|
|
1089
939
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1090
940
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1091
941
|
<param pos="0" name="os.vendor" value="HP"/>
|
|
@@ -1093,57 +943,51 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1093
943
|
<param pos="0" name="os.device" value="General"/>
|
|
1094
944
|
<param pos="0" name="os.product" value="HP-UX"/>
|
|
1095
945
|
<param pos="3" name="os.version"/>
|
|
1096
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
946
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss z"/>
|
|
1097
947
|
<param pos="1" name="host.name"/>
|
|
1098
948
|
<param pos="2" name="service.version"/>
|
|
1099
949
|
<param pos="4" name="system.time"/>
|
|
1100
950
|
</fingerprint>
|
|
1101
951
|
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
|
|
1102
|
-
<description>
|
|
1103
|
-
|
|
1104
|
-
</description>
|
|
1105
|
-
<example>foo.bar.com ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
|
|
952
|
+
<description>Sendmail - Unixware</description>
|
|
953
|
+
<example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
|
|
1106
954
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1107
955
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1108
956
|
<param pos="0" name="os.vendor" value="SCO"/>
|
|
1109
957
|
<param pos="0" name="os.family" value="UnixWare"/>
|
|
1110
958
|
<param pos="0" name="os.device" value="General"/>
|
|
1111
959
|
<param pos="0" name="os.product" value="UnixWare"/>
|
|
1112
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
960
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1113
961
|
<param pos="1" name="host.name"/>
|
|
1114
962
|
<param pos="2" name="service.version"/>
|
|
1115
963
|
<param pos="3" name="os.version"/>
|
|
1116
964
|
<param pos="4" name="system.time"/>
|
|
1117
965
|
</fingerprint>
|
|
1118
966
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
|
|
1119
|
-
<description>
|
|
1120
|
-
|
|
1121
|
-
</description>
|
|
1122
|
-
<example>foo.bar.com ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
|
967
|
+
<description>Sendmail - AIX (UCB variant)</description>
|
|
968
|
+
<example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
|
1123
969
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1124
970
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1125
971
|
<param pos="0" name="os.vendor" value="IBM"/>
|
|
1126
972
|
<param pos="0" name="os.family" value="AIX"/>
|
|
1127
973
|
<param pos="0" name="os.device" value="General"/>
|
|
1128
974
|
<param pos="0" name="os.product" value="AIX"/>
|
|
1129
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
975
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1130
976
|
<param pos="1" name="host.name"/>
|
|
1131
977
|
<param pos="2" name="os.version"/>
|
|
1132
978
|
<param pos="3" name="service.version"/>
|
|
1133
979
|
<param pos="4" name="system.time"/>
|
|
1134
980
|
</fingerprint>
|
|
1135
981
|
<fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
|
|
1136
|
-
<description>
|
|
1137
|
-
|
|
1138
|
-
</description>
|
|
1139
|
-
<example>foo.bar.com Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
|
|
982
|
+
<description>Sendmail - AIX (UCB/ready at variant)</description>
|
|
983
|
+
<example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
|
|
1140
984
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1141
985
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1142
986
|
<param pos="0" name="os.vendor" value="IBM"/>
|
|
1143
987
|
<param pos="0" name="os.family" value="AIX"/>
|
|
1144
988
|
<param pos="0" name="os.device" value="General"/>
|
|
1145
989
|
<param pos="0" name="os.product" value="AIX"/>
|
|
1146
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
990
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1147
991
|
<param pos="1" name="host.name"/>
|
|
1148
992
|
<param pos="2" name="os.version"/>
|
|
1149
993
|
<param pos="3" name="service.version"/>
|
|
@@ -1151,18 +995,16 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1151
995
|
<param pos="5" name="system.time"/>
|
|
1152
996
|
</fingerprint>
|
|
1153
997
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
|
|
1154
|
-
<description>
|
|
1155
|
-
|
|
1156
|
-
|
|
1157
|
-
<example host.name="example.com" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">example.com ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
|
1158
|
-
<example host.name="example.com" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">example.com ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
|
|
998
|
+
<description>Sendmail - AIX</description>
|
|
999
|
+
<example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
|
1000
|
+
<example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
|
|
1159
1001
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1160
1002
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1161
1003
|
<param pos="0" name="os.vendor" value="IBM"/>
|
|
1162
1004
|
<param pos="0" name="os.family" value="AIX"/>
|
|
1163
1005
|
<param pos="0" name="os.device" value="General"/>
|
|
1164
1006
|
<param pos="0" name="os.product" value="AIX"/>
|
|
1165
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1007
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1166
1008
|
<param pos="1" name="host.name"/>
|
|
1167
1009
|
<param pos="2" name="os.version"/>
|
|
1168
1010
|
<param pos="3" name="service.version"/>
|
|
@@ -1170,17 +1012,15 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1170
1012
|
<param pos="5" name="system.time"/>
|
|
1171
1013
|
</fingerprint>
|
|
1172
1014
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
|
|
1173
|
-
<description>
|
|
1174
|
-
|
|
1175
|
-
</description>
|
|
1176
|
-
<example>foo.bar.com ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
|
|
1015
|
+
<description>Sendmail - SuSE Linux</description>
|
|
1016
|
+
<example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
|
|
1177
1017
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1178
1018
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1179
1019
|
<param pos="0" name="os.vendor" value="SuSE"/>
|
|
1180
1020
|
<param pos="0" name="os.family" value="Linux"/>
|
|
1181
1021
|
<param pos="0" name="os.device" value="General"/>
|
|
1182
1022
|
<param pos="0" name="os.product" value="Linux"/>
|
|
1183
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1023
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1184
1024
|
<param pos="1" name="host.name"/>
|
|
1185
1025
|
<param pos="2" name="service.version"/>
|
|
1186
1026
|
<param pos="3" name="sendmail.config.version"/>
|
|
@@ -1188,129 +1028,190 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1188
1028
|
<param pos="5" name="system.time"/>
|
|
1189
1029
|
</fingerprint>
|
|
1190
1030
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
|
|
1191
|
-
<description>
|
|
1192
|
-
|
|
1193
|
-
</description>
|
|
1194
|
-
<example>foo.bar.com ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
|
|
1031
|
+
<description>Sendmail - Solaris with date (no time offeset variant)</description>
|
|
1032
|
+
<example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
|
|
1195
1033
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1196
1034
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1197
1035
|
<param pos="0" name="os.vendor" value="Sun"/>
|
|
1198
1036
|
<param pos="0" name="os.family" value="Solaris"/>
|
|
1199
1037
|
<param pos="0" name="os.device" value="General"/>
|
|
1200
1038
|
<param pos="0" name="os.product" value="Solaris"/>
|
|
1201
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1039
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss zzz"/>
|
|
1202
1040
|
<param pos="1" name="host.name"/>
|
|
1203
1041
|
<param pos="2" name="service.version"/>
|
|
1204
1042
|
<param pos="3" name="sendmail.config.version"/>
|
|
1205
1043
|
<param pos="4" name="system.time"/>
|
|
1206
1044
|
</fingerprint>
|
|
1207
1045
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
|
|
1208
|
-
<description>
|
|
1209
|
-
|
|
1210
|
-
</description>
|
|
1211
|
-
<example>foo.bar.com ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
|
|
1046
|
+
<description>Sendmail - Solaris with date (ready variant)</description>
|
|
1047
|
+
<example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
|
|
1212
1048
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1213
1049
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1214
1050
|
<param pos="0" name="os.vendor" value="Sun"/>
|
|
1215
1051
|
<param pos="0" name="os.family" value="Solaris"/>
|
|
1216
1052
|
<param pos="0" name="os.device" value="General"/>
|
|
1217
1053
|
<param pos="0" name="os.product" value="Solaris"/>
|
|
1218
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1054
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1219
1055
|
<param pos="1" name="host.name"/>
|
|
1220
1056
|
<param pos="2" name="service.version"/>
|
|
1221
1057
|
<param pos="3" name="sendmail.config.version"/>
|
|
1222
1058
|
<param pos="4" name="system.time"/>
|
|
1223
1059
|
</fingerprint>
|
|
1224
|
-
<fingerprint pattern="^([^ ]+) ESMTP Debian Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
|
|
1225
|
-
<description>
|
|
1226
|
-
|
|
1227
|
-
|
|
1228
|
-
<example>foo.bar.com ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
|
|
1060
|
+
<fingerprint pattern="^([^ ]+) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
|
|
1061
|
+
<description>Sendmail - Debian</description>
|
|
1062
|
+
<example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
|
|
1063
|
+
<example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
|
|
1229
1064
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1230
1065
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1231
1066
|
<param pos="0" name="os.vendor" value="Debian"/>
|
|
1232
1067
|
<param pos="0" name="os.family" value="Linux"/>
|
|
1233
1068
|
<param pos="0" name="os.device" value="General"/>
|
|
1234
1069
|
<param pos="0" name="os.product" value="Linux"/>
|
|
1235
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1070
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1236
1071
|
<param pos="1" name="host.name"/>
|
|
1237
1072
|
<param pos="2" name="service.version"/>
|
|
1238
1073
|
<param pos="3" name="sendmail.config.version"/>
|
|
1239
1074
|
<param pos="4" name="sendmail.vendor.version"/>
|
|
1240
1075
|
<param pos="5" name="system.time"/>
|
|
1241
1076
|
</fingerprint>
|
|
1242
|
-
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian
|
|
1243
|
-
<description>
|
|
1244
|
-
|
|
1245
|
-
|
|
1246
|
-
<example>foo.bar.com ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
|
|
1077
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+); .*$">
|
|
1078
|
+
<description>Sendmail - Debian 7.x (wheezy)</description>
|
|
1079
|
+
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1080
|
+
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1247
1081
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1248
1082
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1249
1083
|
<param pos="0" name="os.vendor" value="Debian"/>
|
|
1250
1084
|
<param pos="0" name="os.family" value="Linux"/>
|
|
1251
|
-
<param pos="0" name="os.device" value="General"/>
|
|
1252
1085
|
<param pos="0" name="os.product" value="Linux"/>
|
|
1253
|
-
<param pos="0" name="
|
|
1086
|
+
<param pos="0" name="os.version" value="7.0"/>
|
|
1087
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1254
1088
|
<param pos="1" name="host.name"/>
|
|
1255
1089
|
<param pos="2" name="service.version"/>
|
|
1256
1090
|
<param pos="3" name="sendmail.config.version"/>
|
|
1257
|
-
<param pos="4" name="
|
|
1258
|
-
<param pos="5" name="system.time"/>
|
|
1091
|
+
<param pos="4" name="system.time"/>
|
|
1259
1092
|
</fingerprint>
|
|
1260
|
-
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]
|
|
1261
|
-
<description>
|
|
1262
|
-
|
|
1263
|
-
|
|
1264
|
-
<
|
|
1093
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
|
|
1094
|
+
<description>Sendmail - Debian 8.x (jessie)</description>
|
|
1095
|
+
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1096
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1097
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1098
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
1099
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
1100
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
1101
|
+
<param pos="0" name="os.version" value="8.0"/>
|
|
1102
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1103
|
+
<param pos="1" name="host.name"/>
|
|
1104
|
+
<param pos="2" name="service.version"/>
|
|
1105
|
+
<param pos="3" name="sendmail.config.version"/>
|
|
1106
|
+
<param pos="4" name="system.time"/>
|
|
1107
|
+
</fingerprint>
|
|
1108
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
|
|
1109
|
+
<description>Sendmail - Debian 5.x (lenny)</description>
|
|
1110
|
+
<example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1111
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1112
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1113
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
1114
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
1115
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
1116
|
+
<param pos="0" name="os.version" value="5.0"/>
|
|
1117
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1118
|
+
<param pos="1" name="host.name"/>
|
|
1119
|
+
<param pos="2" name="service.version"/>
|
|
1120
|
+
<param pos="3" name="sendmail.config.version"/>
|
|
1121
|
+
<param pos="4" name="system.time"/>
|
|
1122
|
+
</fingerprint>
|
|
1123
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
|
|
1124
|
+
<description>Sendmail - Debian 4.x (etch)</description>
|
|
1125
|
+
<example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1126
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1127
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1128
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
1129
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
1130
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
1131
|
+
<param pos="0" name="os.version" value="4.0"/>
|
|
1132
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1133
|
+
<param pos="1" name="host.name"/>
|
|
1134
|
+
<param pos="2" name="service.version"/>
|
|
1135
|
+
<param pos="3" name="sendmail.config.version"/>
|
|
1136
|
+
<param pos="4" name="system.time"/>
|
|
1137
|
+
</fingerprint>
|
|
1138
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
|
|
1139
|
+
<description>Sendmail - Debian 3.1 (sarge)</description>
|
|
1140
|
+
<example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1141
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1142
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1143
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
1144
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
1145
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
1146
|
+
<param pos="0" name="os.version" value="3.1"/>
|
|
1147
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1148
|
+
<param pos="1" name="host.name"/>
|
|
1149
|
+
<param pos="2" name="service.version"/>
|
|
1150
|
+
<param pos="3" name="sendmail.config.version"/>
|
|
1151
|
+
<param pos="4" name="system.time"/>
|
|
1152
|
+
</fingerprint>
|
|
1153
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?+; (.+); .*$">
|
|
1154
|
+
<description>Sendmail - Debian patch only</description>
|
|
1155
|
+
<example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1156
|
+
<example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1157
|
+
<example service.version="8.14.2">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1158
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1159
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1160
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
|
1161
|
+
<param pos="0" name="os.family" value="Linux"/>
|
|
1162
|
+
<param pos="0" name="os.product" value="Linux"/>
|
|
1163
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1164
|
+
<param pos="1" name="host.name"/>
|
|
1165
|
+
<param pos="2" name="service.version"/>
|
|
1166
|
+
<param pos="3" name="sendmail.config.version"/>
|
|
1167
|
+
<param pos="4" name="system.time"/>
|
|
1168
|
+
</fingerprint>
|
|
1169
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+); .*$">
|
|
1170
|
+
<description>Sendmail - Ubuntu</description>
|
|
1171
|
+
<example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1172
|
+
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
|
1265
1173
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1266
1174
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1267
1175
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
|
1268
1176
|
<param pos="0" name="os.family" value="Linux"/>
|
|
1269
|
-
<param pos="0" name="os.device" value="General"/>
|
|
1270
1177
|
<param pos="0" name="os.product" value="Linux"/>
|
|
1271
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1178
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1272
1179
|
<param pos="1" name="host.name"/>
|
|
1273
1180
|
<param pos="2" name="service.version"/>
|
|
1274
1181
|
<param pos="3" name="system.time"/>
|
|
1275
1182
|
</fingerprint>
|
|
1276
1183
|
<fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
|
|
1277
|
-
<description>
|
|
1278
|
-
|
|
1279
|
-
</description>
|
|
1280
|
-
<example>foo.bar.com Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
|
|
1184
|
+
<description>Sendmail - Solaris (SMI variant)</description>
|
|
1185
|
+
<example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
|
|
1281
1186
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1282
1187
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1283
1188
|
<param pos="0" name="os.vendor" value="Sun"/>
|
|
1284
1189
|
<param pos="0" name="os.family" value="SunOS"/>
|
|
1285
1190
|
<param pos="0" name="os.device" value="General"/>
|
|
1286
1191
|
<param pos="0" name="os.product" value="Solaris"/>
|
|
1287
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1192
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1288
1193
|
<param pos="1" name="host.name"/>
|
|
1289
1194
|
<param pos="2" name="service.version"/>
|
|
1290
1195
|
<param pos="3" name="sendmail.config.version"/>
|
|
1291
1196
|
<param pos="4" name="system.time"/>
|
|
1292
1197
|
</fingerprint>
|
|
1293
1198
|
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
|
|
1294
|
-
<description>
|
|
1295
|
-
|
|
1296
|
-
</description>
|
|
1297
|
-
<example>foo.bar.com ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
|
|
1199
|
+
<description>Sendmail - unknown platform (linuxconf variant)</description>
|
|
1200
|
+
<example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
|
|
1298
1201
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1299
1202
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1300
1203
|
<param pos="0" name="os.family" value="Linux"/>
|
|
1301
1204
|
<param pos="0" name="os.device" value="General"/>
|
|
1302
1205
|
<param pos="0" name="os.product" value="Linux"/>
|
|
1303
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1206
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1304
1207
|
<param pos="1" name="host.name"/>
|
|
1305
1208
|
<param pos="2" name="service.version"/>
|
|
1306
1209
|
<param pos="3" name="sendmail.config.version"/>
|
|
1307
1210
|
<param pos="4" name="system.time"/>
|
|
1308
1211
|
</fingerprint>
|
|
1309
1212
|
<fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
|
|
1310
|
-
<description>
|
|
1311
|
-
|
|
1312
|
-
</description>
|
|
1313
|
-
<example>foo.bar.com ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
|
1213
|
+
<description>Sendmail - MetaInfo</description>
|
|
1214
|
+
<example>foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
|
1314
1215
|
<param pos="0" name="service.vendor" value="MetaInfo"/>
|
|
1315
1216
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1316
1217
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
@@ -1318,7 +1219,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1318
1219
|
<param pos="0" name="os.family" value="Windows"/>
|
|
1319
1220
|
<param pos="0" name="os.device" value="General"/>
|
|
1320
1221
|
<param pos="0" name="os.product" value="Windows NT"/>
|
|
1321
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1222
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM"/>
|
|
1322
1223
|
<param pos="1" name="host.name"/>
|
|
1323
1224
|
<param pos="2" name="metainfo.version"/>
|
|
1324
1225
|
<param pos="3" name="metainfo.version.version"/>
|
|
@@ -1326,186 +1227,120 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1326
1227
|
<param pos="5" name="sendmail.config.version"/>
|
|
1327
1228
|
<param pos="6" name="system.time"/>
|
|
1328
1229
|
</fingerprint>
|
|
1329
|
-
<fingerprint pattern="^([^ ]+) +ESMTP
|
|
1330
|
-
<description>
|
|
1331
|
-
|
|
1332
|
-
|
|
1333
|
-
<example
|
|
1334
|
-
<
|
|
1230
|
+
<fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
|
|
1231
|
+
<description>Sendmail - optional timezone and timestamp, w/o OS</description>
|
|
1232
|
+
<example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
|
|
1233
|
+
<example host.name="foo.bar" service.version="8.12.10" sendmail.config.version="8.12.10">foo.bar ESMTP Sendmail 8.12.10/8.12.10;</example>
|
|
1234
|
+
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
|
1235
|
+
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
|
1236
|
+
<example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
|
|
1237
|
+
<example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
|
|
1335
1238
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1336
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1239
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1337
1240
|
<param pos="1" name="host.name"/>
|
|
1338
1241
|
<param pos="2" name="service.version"/>
|
|
1339
1242
|
<param pos="3" name="sendmail.config.version"/>
|
|
1340
1243
|
<param pos="4" name="system.time"/>
|
|
1341
1244
|
</fingerprint>
|
|
1342
|
-
<fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(
|
|
1343
|
-
<description>
|
|
1344
|
-
|
|
1345
|
-
</description>
|
|
1346
|
-
<example host.name="example.com" service.version="8.8.8" sendmail.config.version="8.8.9">example.com ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
|
1347
|
-
<example host.name="example.com" service.version="8.8.8" sendmail.config.version="8.8.9">example.com ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
|
1348
|
-
<example host.name="example.com" service.version="8.10.2" sendmail.config.version="8.10.3">example.com ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
|
|
1349
|
-
<example host.name="example.com" service.version="8.13.8" sendmail.config.version="8.13.9">example.com ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
|
|
1350
|
-
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1245
|
+
<fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
|
|
1246
|
+
<description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
|
|
1247
|
+
<example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
|
|
1351
1248
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1352
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1249
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss z"/>
|
|
1353
1250
|
<param pos="1" name="host.name"/>
|
|
1354
1251
|
<param pos="2" name="service.version"/>
|
|
1355
1252
|
<param pos="3" name="sendmail.config.version"/>
|
|
1356
1253
|
<param pos="4" name="system.time"/>
|
|
1357
1254
|
</fingerprint>
|
|
1358
|
-
<fingerprint pattern="^([^ ]+) +Sendmail ready
|
|
1359
|
-
<description>
|
|
1360
|
-
|
|
1361
|
-
</description>
|
|
1362
|
-
<example>mail.foo.bar Sendmail ready.</example>
|
|
1255
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
|
|
1256
|
+
<description>Sendmail - with version and date (optional timezone), w/o config version</description>
|
|
1257
|
+
<example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
|
|
1363
1258
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1364
1259
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1365
|
-
<param pos="
|
|
1366
|
-
</fingerprint>
|
|
1367
|
-
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(.+) \(.+\)$">
|
|
1368
|
-
<description>
|
|
1369
|
-
sendmail with daemon version only
|
|
1370
|
-
</description>
|
|
1371
|
-
<example>mail.foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
|
|
1372
|
-
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1373
|
-
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1374
|
-
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
1260
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1375
1261
|
<param pos="1" name="host.name"/>
|
|
1376
1262
|
<param pos="2" name="service.version"/>
|
|
1377
1263
|
<param pos="3" name="system.time"/>
|
|
1378
1264
|
</fingerprint>
|
|
1379
|
-
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(
|
|
1380
|
-
<description>
|
|
1381
|
-
|
|
1382
|
-
</description>
|
|
1383
|
-
<example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
|
|
1265
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
|
|
1266
|
+
<description>Sendmail - revision variant 1</description>
|
|
1267
|
+
<example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
|
|
1384
1268
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1385
1269
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1386
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1270
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1387
1271
|
<param pos="1" name="host.name"/>
|
|
1388
1272
|
<param pos="2" name="service.version"/>
|
|
1389
1273
|
<param pos="3" name="system.time"/>
|
|
1390
1274
|
</fingerprint>
|
|
1391
|
-
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^
|
|
1392
|
-
<description>
|
|
1393
|
-
|
|
1394
|
-
</description>
|
|
1395
|
-
<example>foo.example.com ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
|
|
1275
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
|
|
1276
|
+
<description>Sendmail - revision variant 2</description>
|
|
1277
|
+
<example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
|
|
1396
1278
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1397
1279
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1398
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1280
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1399
1281
|
<param pos="1" name="host.name"/>
|
|
1400
1282
|
<param pos="2" name="service.version"/>
|
|
1401
1283
|
<param pos="3" name="system.time"/>
|
|
1402
1284
|
</fingerprint>
|
|
1403
|
-
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail
|
|
1404
|
-
<description>
|
|
1405
|
-
|
|
1406
|
-
|
|
1407
|
-
<example
|
|
1285
|
+
<fingerprint pattern="^(?i)([^ ]+) +(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
|
|
1286
|
+
<description>Sendmail - with date, w/o version or platform, optional status string.</description>
|
|
1287
|
+
<example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
|
1288
|
+
<example host.name="foo.bar">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
|
1289
|
+
<example host.name="foo.bar" system.time="Wed, 20 May 2015 17:17:56 -0600">foo.bar ESMTP Sendmail Wed, 20 May 2015 17:17:56 -0600</example>
|
|
1290
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:24:14 +0100">foo.bar ESMTP Sendmail Ready; Thu, 30 Nov 2017 10:24:14 +0100</example>
|
|
1291
|
+
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
|
|
1292
|
+
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready</example>
|
|
1293
|
+
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready. </example>
|
|
1294
|
+
<example host.name="foo.bar">foo.bar ESMTP Sendmail</example>
|
|
1295
|
+
<example host.name="foo.bar">foo.bar Sendmail ready. </example>
|
|
1408
1296
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1409
|
-
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1410
|
-
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
1411
|
-
<param pos="1" name="host.name"/>
|
|
1412
|
-
<param pos="2" name="service.version"/>
|
|
1413
|
-
<param pos="3" name="system.time"/>
|
|
1414
|
-
</fingerprint>
|
|
1415
|
-
<fingerprint pattern="^Sendmail ESMTP ready$">
|
|
1416
|
-
<description>
|
|
1417
|
-
catch all for other versions of sendmail, no hostname or date
|
|
1418
|
-
</description>
|
|
1419
|
-
<example>Sendmail ESMTP ready</example>
|
|
1420
1297
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1421
1298
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1422
|
-
</fingerprint>
|
|
1423
|
-
<fingerprint pattern="^Sendmail ([^/]+)/([^/]+) ready on ([^ ]+)$">
|
|
1424
|
-
<description>
|
|
1425
|
-
catch all for other versions of sendmail
|
|
1426
|
-
</description>
|
|
1427
|
-
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1428
|
-
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1429
|
-
<param pos="1" name="service.version"/>
|
|
1430
|
-
<param pos="2" name="sendmail.config.version"/>
|
|
1431
|
-
<param pos="3" name="host.name"/>
|
|
1432
|
-
</fingerprint>
|
|
1433
|
-
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ready at (.+) \(.+\)$">
|
|
1434
|
-
<description>
|
|
1435
|
-
catch all for other versions of sendmail
|
|
1436
|
-
</description>
|
|
1437
|
-
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1438
|
-
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1439
|
-
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
|
1440
1299
|
<param pos="1" name="host.name"/>
|
|
1441
1300
|
<param pos="2" name="system.time"/>
|
|
1301
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1442
1302
|
</fingerprint>
|
|
1443
|
-
<fingerprint pattern="^([
|
|
1444
|
-
<description>
|
|
1445
|
-
|
|
1446
|
-
</description>
|
|
1447
|
-
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1448
|
-
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1449
|
-
<param pos="1" name="host.name"/>
|
|
1450
|
-
</fingerprint>
|
|
1451
|
-
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ready$">
|
|
1452
|
-
<description>
|
|
1453
|
-
catch all for other versions of sendmail
|
|
1454
|
-
</description>
|
|
1303
|
+
<fingerprint pattern="^ESMTP Sendmail +([^/ ]+) */ *([^/ ]+); (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)$">
|
|
1304
|
+
<description>Sendmail - with version and date, w/o hostname or platform (semicolon variant)</description>
|
|
1305
|
+
<example service.version="8.13.1" sendmail.config.version="8.13.1" system.time="Thu, 30 Nov 2017 01:58:22 -0700">ESMTP Sendmail 8.13.1/8.13.1; Thu, 30 Nov 2017 01:58:22 -0700</example>
|
|
1455
1306
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1456
1307
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1457
|
-
<param pos="
|
|
1308
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1309
|
+
<param pos="1" name="service.version"/>
|
|
1310
|
+
<param pos="2" name="sendmail.config.version"/>
|
|
1311
|
+
<param pos="3" name="system.time"/>
|
|
1458
1312
|
</fingerprint>
|
|
1459
|
-
<fingerprint pattern="^([^ ]+) Sendmail ([
|
|
1460
|
-
<description>
|
|
1461
|
-
|
|
1462
|
-
</description>
|
|
1313
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
|
|
1314
|
+
<description>Sendmail - unknown (date in version string variant)</description>
|
|
1315
|
+
<example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
|
|
1463
1316
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1464
1317
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1465
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1318
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1466
1319
|
<param pos="1" name="host.name"/>
|
|
1467
1320
|
<param pos="2" name="service.version"/>
|
|
1468
|
-
<param pos="3" name="
|
|
1469
|
-
<param pos="4" name="system.time"/>
|
|
1321
|
+
<param pos="3" name="system.time"/>
|
|
1470
1322
|
</fingerprint>
|
|
1323
|
+
<!-- *Sendmail* fingerprints after this line had NO matches in 2017.11.30 Project Sonar data set-->
|
|
1471
1324
|
<fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
|
|
1472
|
-
<description>
|
|
1473
|
-
catch all for other versions of sendmail
|
|
1474
|
-
</description>
|
|
1325
|
+
<description>Sendmail - unknown platform, variant 1</description>
|
|
1475
1326
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1476
1327
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1477
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1328
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss zzz"/>
|
|
1478
1329
|
<param pos="1" name="host.name"/>
|
|
1479
1330
|
<param pos="2" name="service.version"/>
|
|
1480
1331
|
<param pos="3" name="system.time"/>
|
|
1481
1332
|
</fingerprint>
|
|
1482
|
-
<fingerprint pattern="^([^ ]+)
|
|
1483
|
-
<description>
|
|
1484
|
-
catch all for other versions of sendmail
|
|
1485
|
-
</description>
|
|
1486
|
-
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1487
|
-
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1488
|
-
<param pos="1" name="host.name"/>
|
|
1489
|
-
</fingerprint>
|
|
1490
|
-
<fingerprint pattern="^(\S+) ESMTP Sendmail (\S{3}, \d{1,2} \S{3} \d{4} \d{2}:\d{2}:\d{2} \S+)$">
|
|
1491
|
-
<description>
|
|
1492
|
-
catch all for other versions of sendmail, with a date/time
|
|
1493
|
-
</description>
|
|
1494
|
-
<example host.name="example.com">example.com ESMTP Sendmail Wed, 20 May 2015 17:17:56 -0600</example>
|
|
1495
|
-
<example host.name="example.com">example.com ESMTP Sendmail Wed, 5 Aug 2015 17:40:38 -0400</example>
|
|
1333
|
+
<fingerprint pattern="^Sendmail ([^/]+)/([^/]+) ready on ([^ ]+)$">
|
|
1334
|
+
<description>Sendmail - basic with version and date</description>
|
|
1496
1335
|
<param pos="0" name="service.family" value="Sendmail"/>
|
|
1497
1336
|
<param pos="0" name="service.product" value="Sendmail"/>
|
|
1498
|
-
<param pos="1" name="
|
|
1499
|
-
<param pos="
|
|
1500
|
-
<param pos="
|
|
1337
|
+
<param pos="1" name="service.version"/>
|
|
1338
|
+
<param pos="2" name="sendmail.config.version"/>
|
|
1339
|
+
<param pos="3" name="host.name"/>
|
|
1501
1340
|
</fingerprint>
|
|
1502
|
-
|
|
1503
|
-
|
|
1504
|
-
|
|
1505
|
-
<fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.([^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+)\)$">
|
|
1506
|
-
<description>
|
|
1507
|
-
220 smtp.foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)
|
|
1508
|
-
</description>
|
|
1341
|
+
<fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
|
|
1342
|
+
<description>Sun Internet Mail Server</description>
|
|
1343
|
+
<example host.name="foo.bar" service.version="4.0.2000.10.12.16.25.p8">foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)</example>
|
|
1509
1344
|
<param pos="0" name="service.vendor" value="Sun"/>
|
|
1510
1345
|
<param pos="0" name="service.family" value="Internet Mail Server"/>
|
|
1511
1346
|
<param pos="0" name="service.product" value="Internet Mail Server"/>
|
|
@@ -1516,27 +1351,23 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1516
1351
|
<param pos="1" name="host.name"/>
|
|
1517
1352
|
<param pos="2" name="service.version"/>
|
|
1518
1353
|
</fingerprint>
|
|
1519
|
-
|
|
1520
|
-
|
|
1521
|
-
<
|
|
1522
|
-
|
|
1523
|
-
|
|
1524
|
-
<
|
|
1525
|
-
<param pos="0" name="service.
|
|
1526
|
-
<param pos="0" name="service.
|
|
1527
|
-
<param pos="0" name="
|
|
1528
|
-
<param pos="0" name="
|
|
1529
|
-
<param pos="0" name="os.device" value="General"/>
|
|
1530
|
-
<param pos="0" name="os.product" value="Solaris"/>
|
|
1354
|
+
<fingerprint pattern="^(?:2.0.0 )?([^ ]+) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
|
|
1355
|
+
<description>Ecelerity</description>
|
|
1356
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
|
|
1357
|
+
<example>foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
|
|
1358
|
+
<example>foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
|
|
1359
|
+
<example service.version="4.2.37.61980" service.component.version=":">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
|
|
1360
|
+
<param pos="0" name="service.vendor" value="Ecelerity"/>
|
|
1361
|
+
<param pos="0" name="service.family" value="Ecelerity Mail Server"/>
|
|
1362
|
+
<param pos="0" name="service.product" value="Ecelerity Mail Server"/>
|
|
1363
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1531
1364
|
<param pos="1" name="host.name"/>
|
|
1532
1365
|
<param pos="2" name="service.version"/>
|
|
1366
|
+
<param pos="3" name="service.component.version"/>
|
|
1367
|
+
<param pos="4" name="system.time"/>
|
|
1533
1368
|
</fingerprint>
|
|
1534
|
-
<fingerprint pattern="^([^ ]+) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$"
|
|
1535
|
-
<description>
|
|
1536
|
-
Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
|
|
1537
|
-
http://serverwatch.internet.com/reviews/mail-slmail.html
|
|
1538
|
-
http://www.seattlelab.com/
|
|
1539
|
-
</description>
|
|
1369
|
+
<fingerprint pattern="^(?i)([^ ]+) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
|
|
1370
|
+
<description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
|
|
1540
1371
|
<example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
|
|
1541
1372
|
<example service.version="3.2.3113">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
|
|
1542
1373
|
<example service.version="5.5.0.4433">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
|
|
@@ -1560,10 +1391,29 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1560
1391
|
<param pos="0" name="service.product" value="Symantec Messaging Gateway"/>
|
|
1561
1392
|
<param pos="1" name="host.name"/>
|
|
1562
1393
|
</fingerprint>
|
|
1394
|
+
<!-- SonicWall makes hardware, virtual appliances, and Windows software. The banner doesn't indicate which. -->
|
|
1395
|
+
<fingerprint pattern="^(?i)([^ ]+) ESMTP SonicWALL \(([\d.]+)\)$">
|
|
1396
|
+
<description>SonicWall Email Security</description>
|
|
1397
|
+
<example host.name="foo.bar" service.version="9.0.5.2077">foo.bar ESMTP SonicWALL (9.0.5.2077)</example>
|
|
1398
|
+
<example host.name="foo.bar" service.version="9.1.1.3113">foo.bar ESMTP SonicWall (9.1.1.3113)</example>
|
|
1399
|
+
<param pos="0" name="service.vendor" value="SonicWall"/>
|
|
1400
|
+
<param pos="0" name="service.vendor" value="SonicWall"/>
|
|
1401
|
+
<param pos="0" name="service.family" value="Email Security"/>
|
|
1402
|
+
<param pos="0" name="service.product" value="Email Security"/>
|
|
1403
|
+
<param pos="1" name="host.name"/>
|
|
1404
|
+
<param pos="2" name="service.version"/>
|
|
1405
|
+
</fingerprint>
|
|
1406
|
+
<fingerprint pattern="^([^ ]+) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
|
|
1407
|
+
<description>PowerMTA</description>
|
|
1408
|
+
<example host.name="foo.bar" service.version="3.2r24">foo.bar (PowerMTA(TM) v3.2r24) ESMTP service ready</example>
|
|
1409
|
+
<param pos="0" name="service.vendor" value="port25"/>
|
|
1410
|
+
<param pos="0" name="service.family" value="PowerMTA"/>
|
|
1411
|
+
<param pos="0" name="service.product" value="PowerMTA"/>
|
|
1412
|
+
<param pos="1" name="host.name"/>
|
|
1413
|
+
<param pos="2" name="service.version"/>
|
|
1414
|
+
</fingerprint>
|
|
1563
1415
|
<fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
|
|
1564
|
-
<description>
|
|
1565
|
-
VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml
|
|
1566
|
-
</description>
|
|
1416
|
+
<description>VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml</description>
|
|
1567
1417
|
<example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
|
|
1568
1418
|
<param pos="0" name="service.vendor" value="Vircom"/>
|
|
1569
1419
|
<param pos="0" name="service.family" value="VOPMail"/>
|
|
@@ -1572,9 +1422,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1572
1422
|
<param pos="2" name="service.version"/>
|
|
1573
1423
|
</fingerprint>
|
|
1574
1424
|
<fingerprint pattern="^([^ ]+) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
|
|
1575
|
-
<description>
|
|
1576
|
-
VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html
|
|
1577
|
-
</description>
|
|
1425
|
+
<description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
|
|
1578
1426
|
<example>foo.bar VPOP3 ESMTP Server Ready</example>
|
|
1579
1427
|
<example>foo.bar VPOP3 SMTP Server Ready</example>
|
|
1580
1428
|
<example>foo.bar VPOP3 SMTP Server access not allowed!</example>
|
|
@@ -1583,44 +1431,26 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1583
1431
|
<param pos="0" name="service.product" value="VPOP3"/>
|
|
1584
1432
|
<param pos="1" name="host.name"/>
|
|
1585
1433
|
</fingerprint>
|
|
1586
|
-
<fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) Network Associates.*Ready at (.+) *$">
|
|
1587
|
-
<description>
|
|
1588
|
-
|
|
1589
|
-
|
|
1590
|
-
</description>
|
|
1591
|
-
<param pos="0" name="service.vendor" value="McAfee"/>
|
|
1592
|
-
<param pos="0" name="service.family" value="WebShield"/>
|
|
1593
|
-
<param pos="0" name="service.product" value="WebShield"/>
|
|
1594
|
-
<param pos="0" name="system.time.format" value="EEE dd MMM yyyy HH:mm:ss zzz"/>
|
|
1595
|
-
<param pos="1" name="host.name"/>
|
|
1596
|
-
<param pos="2" name="service.version"/>
|
|
1597
|
-
<param pos="3" name="system.time"/>
|
|
1598
|
-
</fingerprint>
|
|
1599
|
-
<fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+) Network Associates.*Ready at (.+) *$">
|
|
1600
|
-
<description>
|
|
1601
|
-
http://www.mcafeeb2b.com/products/webshield-smtp/default.asp
|
|
1602
|
-
example:220 wsigate WebShield SMTP V4.5 MR1 Network Associates, Inc. Ready at Sun Jul 29 22:47:44 2001
|
|
1603
|
-
</description>
|
|
1434
|
+
<fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) (:?[^ ]+)? ?Network Associates.*Ready at (.+) *$">
|
|
1435
|
+
<description>McAfee WebShield</description>
|
|
1436
|
+
<example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
|
1437
|
+
<example host.name="foo.bar" service.version="4.5" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
|
1604
1438
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
|
1605
1439
|
<param pos="0" name="service.family" value="WebShield"/>
|
|
1606
1440
|
<param pos="0" name="service.product" value="WebShield"/>
|
|
1607
|
-
<param pos="0" name="system.time.format" value="EEE
|
|
1441
|
+
<param pos="0" name="system.time.format" value="EEE d MMM HH:mm:ss yyyy"/>
|
|
1608
1442
|
<param pos="1" name="host.name"/>
|
|
1609
1443
|
<param pos="2" name="service.version"/>
|
|
1610
1444
|
<param pos="3" name="service.version.version"/>
|
|
1611
1445
|
<param pos="4" name="system.time"/>
|
|
1612
1446
|
</fingerprint>
|
|
1613
1447
|
<fingerprint pattern="^([^ ]+) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
|
|
1614
|
-
<description>
|
|
1615
|
-
|
|
1616
|
-
basically consisting of a 1U Linux rackmount box with McAfee's filtering software
|
|
1617
|
-
http://www.mcafeeb2b.com/services/webshield-asap/faq.asp
|
|
1618
|
-
example: 220 smtp.foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700
|
|
1619
|
-
</description>
|
|
1448
|
+
<description>McAfee Webshield ASaP (bundled hardware / software)</description>
|
|
1449
|
+
<example host.name="foo.bar" service.version="1.0.1" system.time="Sun, 29 Jul 2001 22:46:18 -0700">foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700</example>
|
|
1620
1450
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
|
1621
1451
|
<param pos="0" name="service.family" value="WebShield"/>
|
|
1622
1452
|
<param pos="0" name="service.product" value="WebShield"/>
|
|
1623
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1453
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1624
1454
|
<param pos="0" name="os.vendor" value="McAfee"/>
|
|
1625
1455
|
<param pos="0" name="os.family" value="Linux"/>
|
|
1626
1456
|
<param pos="0" name="os.device" value="General"/>
|
|
@@ -1630,13 +1460,12 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1630
1460
|
<param pos="3" name="system.time"/>
|
|
1631
1461
|
</fingerprint>
|
|
1632
1462
|
<fingerprint pattern="^([^ ]+) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
|
|
1633
|
-
<description>
|
|
1634
|
-
|
|
1635
|
-
</description>
|
|
1463
|
+
<description>McAfee VirusScreen</description>
|
|
1464
|
+
<example host.name="foo.bar" service.version="1.1" system.time="Sun, 20 Jul 2003 09:20:52 -0700">foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700</example>
|
|
1636
1465
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
|
1637
1466
|
<param pos="0" name="service.family" value="WebShield"/>
|
|
1638
1467
|
<param pos="0" name="service.product" value="WebShield"/>
|
|
1639
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1468
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1640
1469
|
<param pos="0" name="os.vendor" value="McAfee"/>
|
|
1641
1470
|
<param pos="0" name="os.family" value="Linux"/>
|
|
1642
1471
|
<param pos="0" name="os.device" value="General"/>
|
|
@@ -1645,11 +1474,16 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1645
1474
|
<param pos="2" name="service.version"/>
|
|
1646
1475
|
<param pos="3" name="system.time"/>
|
|
1647
1476
|
</fingerprint>
|
|
1477
|
+
<fingerprint pattern="^([^ ]+) ESMTP Lyris ListManager service ready$">
|
|
1478
|
+
<description>Lyris ListManager</description>
|
|
1479
|
+
<example host.name="foo.bar">foo.bar ESMTP Lyris ListManager service ready</example>
|
|
1480
|
+
<param pos="0" name="service.vendor" value="Lyris"/>
|
|
1481
|
+
<param pos="0" name="service.family" value="ListManager"/>
|
|
1482
|
+
<param pos="0" name="service.product" value="ListManager"/>
|
|
1483
|
+
<param pos="1" name="host.name"/>
|
|
1484
|
+
</fingerprint>
|
|
1648
1485
|
<fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
|
|
1649
|
-
<description>
|
|
1650
|
-
WinRoute Pro, runs on 9x/NT/2k
|
|
1651
|
-
http://www.tinysoftware.com/winpro.php
|
|
1652
|
-
</description>
|
|
1486
|
+
<description>WinRoute Pro, runs on 9x/NT/2k http://www.tinysoftware.com/winpro.php</description>
|
|
1653
1487
|
<example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
|
|
1654
1488
|
<param pos="0" name="service.family" value="WinRoute"/>
|
|
1655
1489
|
<param pos="0" name="service.product" value="WinRoute"/>
|
|
@@ -1661,7 +1495,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1661
1495
|
<example service.version="4.2.1">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
|
|
1662
1496
|
<param pos="0" name="service.family" value="WinRoute"/>
|
|
1663
1497
|
<param pos="0" name="service.product" value="WinRoute"/>
|
|
1664
|
-
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss
|
|
1498
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss Z"/>
|
|
1665
1499
|
<param pos="1" name="service.version"/>
|
|
1666
1500
|
<param pos="2" name="system.time"/>
|
|
1667
1501
|
</fingerprint>
|
|
@@ -1671,7 +1505,7 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1671
1505
|
<param pos="0" name="service.vendor" value="ZMailer"/>
|
|
1672
1506
|
<param pos="0" name="service.family" value="ZMailer"/>
|
|
1673
1507
|
<param pos="0" name="service.product" value="ZMailer"/>
|
|
1674
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1508
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1675
1509
|
<param pos="1" name="host.name"/>
|
|
1676
1510
|
<param pos="2" name="service.version"/>
|
|
1677
1511
|
<param pos="3" name="service.version.version"/>
|
|
@@ -1683,27 +1517,84 @@ The system or service fingerprint with the highest certainty overwrites the othe
|
|
|
1683
1517
|
<param pos="0" name="service.vendor" value="ZMailer"/>
|
|
1684
1518
|
<param pos="0" name="service.family" value="ZMailer"/>
|
|
1685
1519
|
<param pos="0" name="service.product" value="ZMailer"/>
|
|
1686
|
-
<param pos="0" name="system.time.format" value="EEE,
|
|
1520
|
+
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
|
1687
1521
|
<param pos="0" name="zmailer.ident" value="yes"/>
|
|
1688
1522
|
<param pos="1" name="host.name"/>
|
|
1689
1523
|
<param pos="2" name="service.version"/>
|
|
1690
1524
|
<param pos="3" name="service.version.version"/>
|
|
1691
1525
|
<param pos="4" name="system.time"/>
|
|
1692
1526
|
</fingerprint>
|
|
1693
|
-
<fingerprint pattern="^(\
|
|
1527
|
+
<fingerprint pattern="^([^ ]+) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
|
|
1528
|
+
<description>Kerio Connect ESMTP</description>
|
|
1529
|
+
<example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
|
|
1530
|
+
<example service.version="9.2.5" service.version.version="3">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
|
|
1531
|
+
<param pos="0" name="service.vendor" value="Kerio"/>
|
|
1532
|
+
<param pos="0" name="service.family" value="Connect"/>
|
|
1533
|
+
<param pos="0" name="service.product" value="ESMTP"/>
|
|
1534
|
+
<param pos="1" name="host.name"/>
|
|
1535
|
+
<param pos="2" name="service.version"/>
|
|
1536
|
+
<param pos="3" name="service.version.version"/>
|
|
1537
|
+
</fingerprint>
|
|
1538
|
+
<fingerprint pattern="^([^ ]+) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
|
|
1539
|
+
<description>Communigate Pro</description>
|
|
1540
|
+
<example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
|
|
1541
|
+
<example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
|
|
1542
|
+
<example host.name="foo.bar" service.version="4.3.12">foo.bar ESMTP CommuniGate Pro 4.3.12. It is you again :-(</example>
|
|
1543
|
+
<param pos="0" name="service.vendor" value="Communigater"/>
|
|
1544
|
+
<param pos="0" name="service.family" value="Pro"/>
|
|
1545
|
+
<param pos="0" name="service.product" value="ESMTP"/>
|
|
1546
|
+
<param pos="1" name="host.name"/>
|
|
1547
|
+
<param pos="2" name="service.version"/>
|
|
1548
|
+
</fingerprint>
|
|
1549
|
+
<fingerprint pattern="^(\S+) NO UCE NO UBE NO RELAY PROBES ESMTP">
|
|
1550
|
+
<description>Twisted SMTP server</description>
|
|
1551
|
+
<example host.name="foo.bar">foo.bar NO UCE NO UBE NO RELAY PROBES ESMTP</example>
|
|
1552
|
+
<param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
|
|
1553
|
+
<param pos="0" name="service.family" value="Twisted"/>
|
|
1554
|
+
<param pos="0" name="service.product" value="ESMTP"/>
|
|
1555
|
+
<param pos="1" name="host.name"/>
|
|
1556
|
+
</fingerprint>
|
|
1557
|
+
<fingerprint pattern="^Cellopoint E-mail Firewall v(\d\.[\d.]+) Build (\d+) ready$">
|
|
1558
|
+
<description>Cellopoint E-mail Firewall</description>
|
|
1559
|
+
<example service.version="3.9.12" service.version.version="0324">Cellopoint E-mail Firewall v3.9.12 Build 0324 ready</example>
|
|
1560
|
+
<param pos="0" name="service.vendor" value="Cellopoint"/>
|
|
1561
|
+
<param pos="0" name="service.family" value="UTM"/>
|
|
1562
|
+
<param pos="0" name="service.product" value="E-mail Firewall"/>
|
|
1563
|
+
<param pos="1" name="service.version"/>
|
|
1564
|
+
<param pos="2" name="service.version.version"/>
|
|
1565
|
+
</fingerprint>
|
|
1566
|
+
<fingerprint pattern="^ESMTP on WinWebMail \[(\d\.[\d.]+)\] ready\. http://www.winwebmail.com$">
|
|
1567
|
+
<description>Ma Jian WinWebMail</description>
|
|
1568
|
+
<example service.version="3.9.0.7">ESMTP on WinWebMail [3.9.0.7] ready. http://www.winwebmail.com</example>
|
|
1569
|
+
<param pos="0" name="service.vendor" value="Ma Jian"/>
|
|
1570
|
+
<param pos="0" name="service.family" value="WinWebMail"/>
|
|
1571
|
+
<param pos="0" name="service.product" value="ESMTP"/>
|
|
1572
|
+
<param pos="1" name="service.version"/>
|
|
1573
|
+
</fingerprint>
|
|
1574
|
+
<fingerprint pattern="^([^ ]+) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
|
|
1575
|
+
<description>Tobit Software David</description>
|
|
1576
|
+
<example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
|
|
1577
|
+
<param pos="0" name="service.vendor" value="Tobit Software"/>
|
|
1578
|
+
<param pos="0" name="service.family" value="David"/>
|
|
1579
|
+
<param pos="0" name="service.product" value="ESMTP"/>
|
|
1580
|
+
<param pos="1" name="host.name"/>
|
|
1581
|
+
<param pos="2" name="service.version"/>>
|
|
1582
|
+
</fingerprint>
|
|
1583
|
+
<fingerprint pattern="^(?i)(\S+) E?SMTP Perl">
|
|
1694
1584
|
<description>Some simple PERL SMTP server</description>
|
|
1695
|
-
<example host.name="
|
|
1585
|
+
<example host.name="foo.bar">foo.bar ESMTP Perl</example>
|
|
1696
1586
|
<param pos="0" name="service.product" value="Perl"/>
|
|
1697
1587
|
<param pos="1" name="host.name"/>
|
|
1698
1588
|
</fingerprint>
|
|
1699
|
-
<fingerprint pattern="^([^ ]+) E?SMTP(?: (?:Service )?Ready\.?)?$"
|
|
1700
|
-
<description>
|
|
1701
|
-
|
|
1702
|
-
|
|
1703
|
-
<example host.name="
|
|
1704
|
-
<example host.name="
|
|
1705
|
-
<example
|
|
1706
|
-
<example
|
|
1589
|
+
<fingerprint pattern="^(?i)(?:([^ ]+) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
|
|
1590
|
+
<description>Non-specific banner with optional hostname</description>
|
|
1591
|
+
<example host.name="foo.bar">foo.bar ESMTP</example>
|
|
1592
|
+
<example host.name="foo.bar">foo.bar ESMTP Ready</example>
|
|
1593
|
+
<example host.name="foo.bar">foo.bar SMTP</example>
|
|
1594
|
+
<example host.name="foo.bar">foo.bar ESMTP Service ready</example>
|
|
1595
|
+
<example>ESMTP ready</example>
|
|
1596
|
+
<example>SMTP Ready</example>
|
|
1597
|
+
<example>ESMTP READY</example>
|
|
1707
1598
|
<param pos="0" name="service.product" value="Unknown"/>
|
|
1708
1599
|
<param pos="1" name="host.name"/>
|
|
1709
1600
|
</fingerprint>
|