--On 27 February 2007 15:10:00 +0000 Tony Finch <dot@???> wrote:
> On Tue, 27 Feb 2007, Ian Eiloart wrote:
>>
>> Seriously though, Qmail in Plesk doesn't identify itself, so perhaps it
>> does fill a good proportion of the 50% of servers that don't identify
>> themselves.
>
> Indeed. It would be interesting if they surveyed the EHLO extensions list
> or used some other techniques to at least split up the unidentified
> category, even if the actual software can't be identified.
>
> Tony.
Like this:
<
http://www.oreillynet.com/pub/a/sysadmin/2007/01/05/fingerprinting-mail-servers.html>.
This survey started with a list of 400,000 registered companies (rather
than random IP addresses or domains), and did examine the SMTP extension
lists, and error messages to get 85% identification. They found Exim in 7th
place, on 5.0% of servers, MS on 7.6%.
Similar surveys have been performed in the past:
<http://www.falkotimme.com/projects/survey_smtp.php?id=170>
Two surveys in 2004, mostly of IP addresses in Germany. Exim 5.6%,
unknowns 22%.
<http://cr.yp.to/surveys.html>
1996 - 2001, surveyed 1,000,000 random IP addresses. Mostly Sendmail,
MS, and qmail.
<http://www.securityspace.com/s_survey/data/man.200604/mxsurvey.html>
<http://www.securityspace.com/s_survey/data/man.200606/mxsurvey.html>
<http://www.securityspace.com/s_survey/data/man.200701/mxsurvey.html>
etc. I can't find an index of these surveys, but they survey all the
domains that are surveyed in their web survey.
<http://www.credentia.cc/research/surveys/smtp/200304/>
random IP selection, 5.9% Exim in 2003
--
Ian Eiloart
IT Services, University of Sussex