Date:      Thu, 20 Sep 2001 23:23:16 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Mike Meyer" <mwm@mired.org>
Cc:        <questions@freebsd.org>
Subject:   RE: hotmail question
Message-ID:  <003101c14265$e64caf80$1401a8c0@tedm.placo.com>
In-Reply-To: <15274.44498.356604.535810@guru.mired.org>

>-----Original Message-----
>From: Mike Meyer [mailto:mwm@mired.org]
>Sent: Thursday, September 20, 2001 8:03 PM
>To: Ted Mittelstaedt
>Cc: questions@freebsd.org
>Subject: RE: hotmail question
>
>
>Ted Mittelstaedt <tedm@toybox.placo.com> types:
>> However, I don't believe that they have.  If you Telnet into the SMTP port
>> on any of Hotmail's mailservers, you most definitely do NOT get a
>> Microsoft Exchange banner, unless they have totally modified the SMTP
>> banner.  (which I fail to see the point of why they would do this)
>
>Possibly it's a different MS SMTP server than exchange? For instance,
>there appears to be one bundled with IIS.
>

There is.  It is very limited but it works well enough to transmit mail
from webpage forms and ASP scripts, and it can be set to receive mail
into directories on the webserver.

A very big problem with this SMTP server is that it can be used as a DoS
entry to fill up the hard disk of the NT server with garbage - if you
don't take steps to handle what it does with received mail.

The SMTP server with IIS and with Exchange server aren't Microsoft's only
forays into SMTP servers.  It's also quite true that the banner string is
not really a guarantee of anything, and can be made to appear like anything
you want.

I also would almost expect that any administrator of a large mail system like
this would deliberately modify the SMTP greeting to make it appear as though
the SMTP server was a completely different software package.  This would
deter some of the more stupid cracker kiddies because they would be trying
crack scripts for the wrong server software package.

From a marketing mileage perspective, in my opinion it does tremendous damage
to Microsoft that it's NOT running Exchange Server.  Arguing over whether it's
running UNIX on the backend or not is academic - the fact that it's NOT Exchange
is far more serious when you read Microsoft's marketing materials they use to
push Exchange.

>> One characteristic of Sendmail's banners is that they issue the time and
>> date as part of the greeting.  I don't know if qmail does also, but I
>> don't see why they wouldn't. Microsoft Exchange does not.  The Hotmail
>> SMTP servers definitely do.
>
>Both of these have the time and date in them, and look like MS servers
>to me:
>
>220 tkecmailc02.one.microsoft.com Microsoft ESMTP MAIL Service,
>Version: 5.0.2195.1600 ready at  Thu, 20 Sep 2001 19:40:20 -0700
>

This looks very much like the IIS SMTP service banner.  But note the version
number, this is likely an early version IIS server.  You ought to scan it with
the Nimda tool as well as submit it to RBL for a spam scan.  The early IIS
SMTP servers were very, very bad, full of holes.

>220-mail5.mmcable.com Microsoft SMTP MAIL ready at Thu, 20 Sep 2001
>21:43:05 -0500 Version: 5.5.1877.537.53
>

This is a typical IIS SMTP banner from an IIS server running on NT4.
There's often a second line (not shown) listing ESMTP compatibility.

>I could understand MS tweaking a Unix MTA to claim to be Microsoft,
>but why would mmcable do that?
>

They wouldn't, I'd imagine.  But, look at the Hotmail banner for
mc6.law5.hotmail.com   (one of their MX hosts)

220-HotMail (NO UCE) ESMTP server ready at Thu, 20 Sep 2001 23:13:32 -0700
220 ESMTP spoken here

Note the conspicuous lack of a version number (like on the mail5.mmcable.com
server); it's very unlikely this puppy is an IIS service since all of the IIS
SMTP services issue version numbers.  Also note the (NO UCE); this is not
an option in any Microsoft products I'm aware of, it is however a known
proposed anti-spam deterrence.  Also, another giveaway is the lack of the
name "Microsoft" in the header.  All the Microsoft SMTP products (at least the
commercial ones that are available) proudly display their name in the banner.

I don't want to belabor the point because like I said earlier, banners can
be changed and there's certainly reason to do so on large mail services.
But it's clear that the Hotmail SMTP banners do not match any known
Microsoft SMTP server banners, most particularly that from an Exchange server.
If the banner is any indication, the SMTP service is a custom program, which
is about what I'd expect for a mail service the size of Hotmail.


Ted Mittelstaedt                                       tedm@toybox.placo.com
Author of:                           The FreeBSD Corporate Networker's Guide
Book website:                          http://www.freebsd-corp-net-guide.com
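
Added example, not part of the original message: a small Python parser that pulls out the banner traits compared above (the "Microsoft" product name, a `Version:` string, a timestamp, and notices such as `(NO UCE)`), useful for auditing what a mail server's own greeting discloses. The sample greetings are the ones quoted in the message with mail-client line wraps rejoined; the function names and dictionary keys are made up for this example.

```python
import re

# Product name as a word of its own, not a label inside a hostname.
VENDOR = re.compile(r"(?<![.\w-])microsoft(?![.\w-])", re.I)
VERSION = re.compile(r"Version:\s*(\d+(?:\.\d+)+)")
TIMESTAMP = re.compile(r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{1,2} [A-Z][a-z]{2} "
                       r"\d{4} \d{2}:\d{2}:\d{2} [+-]\d{4}")

# Greetings quoted in the message, with the e-mail line wraps joined back together.
SAMPLES = {
    "tkecmailc02": "220 tkecmailc02.one.microsoft.com Microsoft ESMTP MAIL Service, "
                   "Version: 5.0.2195.1600 ready at  Thu, 20 Sep 2001 19:40:20 -0700",
    "mail5.mmcable": "220-mail5.mmcable.com Microsoft SMTP MAIL ready at "
                     "Thu, 20 Sep 2001 21:43:05 -0500 Version: 5.5.1877.537.53",
    "hotmail": "220-HotMail (NO UCE) ESMTP server ready at "
               "Thu, 20 Sep 2001 23:13:32 -0700\n220 ESMTP spoken here",
}

def parse_greeting(raw):
    """Return (text lines, complete). '220-' continues the reply, '220 ' ends it."""
    texts, complete = [], False
    for line in raw.splitlines():
        m = re.match(r"220([ -])(.*)", line)
        if m is None:
            raise ValueError(f"not a 220 greeting line: {line!r}")
        texts.append(m.group(2).strip())
        if m.group(1) == " ":
            complete = True   # final line of the multi-line reply
            break
    return texts, complete

def disclosed(raw):
    """List what a greeting reveals. The operator controls this text, so treat
    the result as a hint about the software, never as proof of it."""
    texts, complete = parse_greeting(raw)
    joined = " ".join(texts)
    version = VERSION.search(joined)
    return {
        "complete": complete,   # False: a continuation line was cut off
        "names_microsoft": bool(VENDOR.search(joined)),
        "version": version.group(1) if version else None,
        "timestamp": bool(TIMESTAMP.search(joined)),
        "notices": re.findall(r"\(([^)]*)\)", joined),
    }

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, disclosed(raw))
```
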


