danielmiessler.com » Email

What MTA Do The Big Universities Use?

Daniel Miessler — Sat, 14 Jun 2008 04:08:35 +0000

Ever wonder what mail servers people run? I found myself wondering what the top universities used, so I wrote a lame little script to go and query the top 50 schools from this list, find out their mail servers, and then netcat to them to see what they respond with.

The results were interesting. I was specifically wondering how the war between Sendmail and Postfix was going. As expected, Sendmail is still winning, but Postfix seems to be holding its own.

220 perseus.services.brown.edu ESMTP Sendmail X.X.X; Tue, 9 May 2006 17:06:13 -0400 (EDT)
220 mailhub4.dartmouth.edu ESMTP Sendmail 8.13.5/DND2.0/8.13.5; Tue, 9 May 2006 17:06:16 -0400
220 ns3.br.harvard.edu ESMTP Postfix
220 nisc.net.isc.upenn.edu ESMTP Postfix
220 emfw1.Princeton.EDU ESMTP (0ebdea0d60768e14e7c57b1a3713dd99)
220 mr5.its.yale.edu ESMTP server ready at Tue, 9 May 2006 17:06:18 -0400
220 MIT.EDU ESMTP Sendmail (no collect or third party calls) at Tue, 9 May 2006 17:06:19 -0400 (EDT)
220 water-ox.its.caltech.edu ESMTP Postfix
220 mx4.stanford.edu ESMTP Postfix
220-pohl.acpub.duke.edu ESMTP Duke University Sendmail 8.12.10/Duke-5.0.0;
220 MailRouter-2.wustl.edu ESMTP Mirapoint 3.5.8-GR; Tue, 9 May 2006 16:06:26 -0500 (CDT)
220 relay.it.northwestern.edu ESMTP Postfix
220 ipex2.johnshopkins.edu ESMTP
(–snipped–)

So out of 36 responses I got 7 with Postfix in the banner. If we take that highly unscientific sample and call it legit, we’re looking at roughly 20% of top-50 universities using Postfix. Not bad.

Aside from the MTA war, though, it was just interesting to see what these guys were putting in their banners. Check out the Princeton one, for example — they have some sort of secret message encoded with MD5 in theirs. And MIT points out that they don’t want any collect or third party calls. Nice.

Anyway, here are the results and the tool I used. Be sure to check out the raw output as well; there are quite a few interesting tidbits in there.:

Files

[ The Results ]
[ The Raw Results ]
[ The Script I Used ]
[ The List of Universities I Used ]

Email Authentication (SPF)

Daniel Miessler — Mon, 11 Feb 2008 11:28:20 +0000

Got a wicked PayPal spam message today. Looked totally legit.

Here are the headers:

So SPF caught it but it failed “soft”. At what point do we as mail server admins (Google in this case) start dropping these emails instead of letting them through?

Or, to put it another way, what part of an official email from PayPal coming from mail.royalimaging.net (64.2.112.131.ptr.us.xo.net [64.2.112.131]) doesn’t make you want to drop it?

grrr.

Got Bacn?

Daniel Miessler — Tue, 21 Aug 2007 01:30:09 +0000

Bacn is an unwanted byproduct of the Web2.0 craze. It’s all the email that you get as notifications and updates that would have been spam if you hadn’t actually requested it.

It’s email you want – but not right now.

[ Bacn ]

From Mailing Lists To RSS

Daniel Miessler — Thu, 22 Feb 2007 15:40:57 +0000

I’m not sure how this is going to work out yet, but I’m making the switch away from mailing list for a couple of my key security sources — most importantly, Full Disclosure and Bugtraq.

A few I’ll still interact with through my mail client, i.e. those that I participate actively in more often, but for the majority of them I’m going to be moving to RSS. Here’s a short list of feeds you might want to look at:

And here’s a comprehensive list from seclist.org.

Postfix, Courier-Imap, Mail.app, and Certificates

Daniel Miessler — Wed, 21 Feb 2007 03:01:19 +0000

I just finished getting Mail.app to recognize two seperate SSL certs from my server — one for imap.dmiessler.com, and another for smtp.dmiessler.com. This was less than trivial (mostly due to my own stupidity).

What this means is that I can finally use real domain names in my certificates (self-signed) for two separate hostnames while avoiding the annoying prompts that OS X likes to throw when it senses tomfoolery.

Here are the steps:

Create your Postfix certificates the way Weitse wants you to, using your SMTP hostname.
Import both the CA cert and your actual Postfix certificate into OS X.
For IMAP, edit your imapd.cnf file to reflect your IMAP hostname, etc.
Run mkimapdcert.
Import that certificate into OS X.

Now when you open Mail.app you should not get prompted to accept any certificates. The trick is that you need to import the CA’s cert on the Postfix side or it won’t work. But with courier this is not required. It has something to do with the format of the certificates being different.

It’s on my list of things to research, but for now I’m just happy I got it working exactly as I want it.

Is It Just Me Or Is Spam Kickin’ Lately?

Daniel Miessler — Fri, 20 Oct 2006 04:37:26 +0000

I cleaned out my Gmail spam folder yesterday. As I type this I have 275 messages in there already. Damn. And I’ve received like…15 legitimate emails in that same amount of time (not counting mailing lists).

Yeah, I think we’re losing this battle. I’m thinking of checking out a service like MXLogic.

What Mail Server Do The Fortune 100 Companies Use?

Daniel Miessler — Fri, 18 Aug 2006 06:40:54 +0000

Ever wonder what mail servers the top U.S. companies run? I found myself wondering what the top universities used a while back, and I just recently got curious as to what the Fortune 100 companies used as well. The results were quite interesting; it’s always fun to see what some of these admins put in their mail banners:

220 plgmler2.imr.gm.com ESMTP Sendmail GM Secure; Thu, 17 Aug 2006 23:23:21 -0500
220 mail11.disney.com Postfix EGGS and Butter 
220 IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
220 Medco - Ready 220 mailgate2.safeway.com ESMTP ***** SMTP Ready *****
220 mail1.cat.com ESMTP Microsoft Exchange Internet Mail Service 5.5.2657.72) ready
220 Northrop Grumman Corporation Ready
220 mms01bas.mms.us.syntegra.com (IntraStore TurboSendmail) ESMTP Service ready
220 [12.43.78.22] ESMTP
220 wamu.com Proxy Server 220 fdsmail01.fds.com Microsoft ESMTP MAIL Service, Version:
5.0.2195.6713 ready at Fri, 18 Aug 2006 00:31:58 -0400

Quite a few of the banners warn anyone reading not to use the service for spam, although I have to wonder whether or not a spammer has ever changed their behavior due to a warning like this.

We also get to see some personality in the way the servers say goodbye (SMTP 221):

221 Bye
221 Until later [69.214.242.13]
221 Catch you later

Anyway, here are the complete results as well as the stuff I used to run the test:

Input

The Script The Company File

Output

The Complete Banners The Exit Messages

–

** Note: There’s a fine line between being curious about interesting service banners and portscanning. If you don’t know what that difference is then you probably shouldn’t be doing this at home. :)

WonderfulBuys Spam

Daniel Miessler — Thu, 27 Jul 2006 06:00:22 +0000

Bastards.

These people are going through Gmail and Spamassasin filters like they aren’t there. I guarantee you they’re all stupid rich, too. Here’s my quick-fix via .mailfilter thanks to them always putting that text in the From: field: # Wonderful Spam if ( /^From:.*Wonderful.Buys.com/ ) { to "Maildir/.Junk" }

I’ll know tomorrow if I got the syntax right…

danielmiessler.com » Email

What MTA Do The Big Universities Use?

Files

Related Content

Email Authentication (SPF)

Related Content

Got Bacn?

Related Content

From Mailing Lists To RSS

Related Content

Postfix, Courier-Imap, Mail.app, and Certificates

Related Content

Is It Just Me Or Is Spam Kickin’ Lately?

Related Content

What Mail Server Do The Fortune 100 Companies Use?

Input

Output

Related Content

WonderfulBuys Spam

Related Content