a hacked e-mail account is a catastrophe – look at Hillary.

telnet dwaves.de 25; # a simple telnet tells you that this server is running
Trying 78.46.249.71...
Connected to dwaves.de.
Escape character is '^]'.
220 dwaves.de ESMTP Exim 4.XX_X Tue, 13 Jun 2017 13:40:12 +0200

it is probably wise to hide the version info of exim… so hopefully it’s not possible to detect and attack known faulty versions.

https://serverfault.com/questions/352176/remove-exim-version-number
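A small checker for the greeting shown above, useful before and after changing Exim's smtp_banner option (added example, not from the original post). The product list, the version regex and the sample banners are assumptions constructed for illustration.

```python
import re
import socket

# Sample of product names seen in SMTP greetings (list chosen for this example).
PRODUCTS = ("Exim", "Postfix", "Sendmail", "qmail", "Microsoft ESMTP")
# A dotted token that starts with a digit, e.g. 4.69 or 6.0.3790.4675.
VERSION = re.compile(r"(?<![\w.:+-])\d+\.[\w.]+")

def fetch_banner(host, port=25, timeout=10):
    """Read the greeting from a server you administer (same as the telnet check)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(1024).decode("ascii", "replace")

def audit_banner(raw):
    """Report what a 220 greeting discloses: host name, product, version."""
    lines = [l for l in raw.splitlines() if l.startswith("220")]
    if not lines:
        raise ValueError("no 220 greeting found")
    # Multi-line greetings use '220-' on every line but the last.
    text = " ".join(l[4:].strip() for l in lines)
    host, _, rest = text.partition(" ")
    product = next((p for p in PRODUCTS if p.lower() in rest.lower()), None)
    m = VERSION.search(rest)
    return {"host": host, "product": product,
            "version": m.group(0) if m else None,
            "leaks_version": m is not None}

# Constructed greetings: the one shown above, one without product/version,
# and a multi-line greeting.
LEAKY = "220 dwaves.de ESMTP Exim 4.XX_X Tue, 13 Jun 2017 13:40:12 +0200\r\n"
QUIET = "220 dwaves.de ESMTP Tue, 13 Jun 2017 13:40:12 +0200\r\n"
MULTI = ("220-mail.example.org ESMTP Sendmail 8.13.8/8.13.8; Tue, 13 Jun 2017\r\n"
         "220 ready\r\n")

if __name__ == "__main__":
    for banner in (LEAKY, QUIET, MULTI):
        print(audit_banner(banner))
```

A quiet banner only removes the easy fingerprint; the installed exim still needs its security updates.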

no seriously – especially if you used it to register at eBay … Amazon and god knows what else.

A hacker with access to your mail – can request password-reset mails from those services – resetting your eBay and Amazon password… and then ordering 20xPlaystation5 to some alibi location. Not soooo good.

i had this in dmesg

first i thought i need to update exim4 because it contains errors… then i thought maybe the RAM is bad… but that would be Hetzner’s ram…

but it could also be AN ATTACK https://blog.skullsecurity.org/2010/watch-out-for-exim

maybe it would be wise to disable those password-reset e-mails with this plugin: https://wordpress.org/plugins/manage-notification-emails/

just in case your mail-account gets hacked…

it seems hard but not impossible to reverse engineer an md5-hashed password… (unsalted)

https://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes

to check if your mail-password is easy to find out, you can

echo -n 1D8dfk | md5sum; # md5 hash password
1df08a562305b51810736543b019987e

and copy that into: https://crackstation.net/

… so Hello123! is not a sufficiently complex or long password.
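The same check done offline, so the hash never leaves your machine, next to a salted, slow hash for comparison (added example, not from the original post). The wordlist, the function names and the PBKDF2 parameters are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; a real check would read a large local file.
WORDLIST = ["password", "123456", "qwertz", "Hello123!", "letmein"]

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(words):
    """Hash every candidate once; the table then works against ANY unsalted MD5."""
    return {md5_hex(w): w for w in words}

def audit_md5(hashes, lookup):
    """Map each unsalted MD5 hash to the recovered password, or None."""
    return {h: lookup.get(h.lower()) for h in hashes}

def hash_salted(password, salt=None, rounds=600_000):
    """PBKDF2-HMAC-SHA256 with a per-password random salt (the hardened form)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify_salted(password, salt, expected, rounds=600_000):
    """Constant-time comparison of a login attempt against the stored record."""
    return hmac.compare_digest(hash_salted(password, salt, rounds)[1], expected)

if __name__ == "__main__":
    lookup = build_lookup(WORDLIST)
    stored = [md5_hex("Hello123!"), md5_hex("correct horse battery staple 7!")]
    for h, pw in audit_md5(stored, lookup).items():
        print(h, "->", pw or "not in wordlist")
    # Same password, two accounts: identical MD5, but different salted records,
    # so one precomputed table no longer covers every account.
    s1, d1 = hash_salted("Hello123!")
    s2, d2 = hash_salted("Hello123!")
    print("md5 equal:", md5_hex("Hello123!") == md5_hex("Hello123!"))
    print("salted equal:", d1 == d2)
```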

i got a mail:

exim paniclog /var/log/exim4/paniclog on domain.de has non-zero size, mail system might be broken. The last 10 lines are quoted below.

2017-06-09 06:04:35 1dIGcZ-0004Pa-Um == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dGK4m-0001Cg-17 == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dDqpd-0003YV-RT == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dFHMF-0004aS-J9 == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dGVRg-0007rb-Rq == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dIsPP-0003kv-6F == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dIJCd-0007m4-8e == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dGoKi-0003Sx-HM == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dHq7k-0007CL-Ek == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport
2017-06-09 06:04:35 1dEB3Q-0004sI-Dv == user@domain.com R=localuser T=local_delivery defer (-1): Malformed value “unlimitedM” (expansion of “${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M”) in local_delivery transport

most used mail servers (number of hosts, followed by what nmap detected on port 25):

663 25/tcp open smtp? syn-ack <- unknown hidden identity mailservers
240 25/tcp open smtp syn-ack Postfix smtpd
206 25/tcp open smtp syn-ack Exim smtpd 4.69
174 25/tcp open tcpwrapped syn-ack
151 25/tcp open smtp syn-ack
96 25/tcp open smtp syn-ack Microsoft ESMTP 6.0.3790.4675
78 25/tcp open smtp syn-ack qmail smtpd
77 25/tcp open smtp syn-ack netqmail smtpd 1.04
40 25/tcp open smtp syn-ack BorderWare firewall smtpd
22 25/tcp open smtp syn-ack Microsoft ESMTP
21 25/tcp open smtp syn-ack Microsoft ESMTP 6.0.3790.3959
19 25/tcp open smtp syn-ack Cisco PIX sanitized smtpd
18 25/tcp open smtp syn-ack Sendmail 8.13.8/8.13.8
14 25/tcp open smtp syn-ack Access Remote PC smtpd
13 25/tcp open smtp syn-ack Exim smtpd 4.72
11 25/tcp open smtp syn-ack hMailServer smtpd
11 25/tcp open smtp syn-ack Exim smtpd 4.63
10 25/tcp open smtp syn-ack Exim smtpd
9 25/tcp open smtp syn-ack Exim smtpd 4.X
8 25/tcp open smtp syn-ack Sendmail 8.13.1/8.13.1
8 25/tcp open smtp syn-ack Sendmail (Not accepting mail)
8 25/tcp open smtp syn-ack Exim smtpd 4.67
7 25/tcp open smtp syn-ack Sendmail 8.9.3/8.9.3
6 25/tcp open smtp syn-ack Sendmail 8.14.3/8.14.3
6 25/tcp open smtp syn-ack Microsoft ESMTP 6.0.2600.5949
6 25/tcp open smtp syn-ack Microsoft ESMTP 5.0.2195.7381
6 25/tcp open smtp syn-ack Microsoft ESMTP 5.0.2195.5329
5 25/tcp open smtp syn-ack IronPort smtpd
5 25/tcp open smtp syn-ack Barracuda Networks Spam Firewall smtpd
4 25/tcp open smtp-proxy syn-ack ESET NOD32 anti-virus smtp proxy
4 25/tcp open smtp syn-ack Sendmail 8.13.6/8.13.1
4 25/tcp open smtp syn-ack Sendmail 8.12.6/8.12.6
4 25/tcp open smtp syn-ack Sendmail 8.11.6
4 25/tcp open smtp syn-ack Microsoft ESMTP 6.0.3790.1830
4 25/tcp open smtp syn-ack MailEnable smptd 1.986--
3 25/tcp open smtp syn-ack Sendmail 8.14.4/8.14.4
3 25/tcp open smtp syn-ack Sendmail 8.12.11/8.12.11
3 25/tcp open smtp syn-ack Sendmail 8.12.11.20060308/8.12.11
3 25/tcp open smtp syn-ack Microsoft ESMTP 7.0.6002.18222
3 25/tcp open smtp syn-ack Microsoft ESMTP 5.0.2195.6713
3 25/tcp open smtp syn-ack Exim smtpd 4.71
3 25/tcp open smtp syn-ack Exim
2 25/tcp open smtp-proxy syn-ack spamd smtpd
2 25/tcp open smtp syn-ack SonicWALL Email Security smtpd 7.2.1.2841
2 25/tcp open smtp syn-ack SmarterMail smtpd
2 25/tcp open smtp syn-ack Sendmail 8.14.4/8.14.3
2 25/tcp open smtp syn-ack Sendmail 8.14.2/8.14.2
2 25/tcp open smtp syn-ack Sendmail 8.13.8/8.13.1
2 25/tcp open smtp syn-ack Sendmail 8.13.7/8.13.7
2 25/tcp open smtp syn-ack Sendmail 8.13.6/8.13.6
2 25/tcp open smtp syn-ack Sendmail 8.12.11.20060614
2 25/tcp open smtp syn-ack Sendmail 8.12.10/8.12.10
2 25/tcp open smtp syn-ack Sendmail 8.11.6/8.11.6
2 25/tcp open smtp syn-ack Microsoft Exchange (disabled)
2 25/tcp open smtp syn-ack Microsoft ESMTP 7.5.7600.16385
2 25/tcp open smtp syn-ack Mercury/32 smtpd (Mail server account Maiser)
2 25/tcp open smtp syn-ack MailEnable smptd 1.981--
2 25/tcp open smtp syn-ack MailEnable smptd 1.9--
2 25/tcp open smtp syn-ack MailEnable smptd 0-3.63-
2 25/tcp open smtp syn-ack Exim smtpd 4.68
2 25/tcp open smtp syn-ack Checkpoint FireWall-1 smtpd
2 25/tcp open chat syn-ack AIM or ICQ server
1 25/tcp open smtp-proxy syn-ack WatchGuard smtp proxy
1 25/tcp open smtp-proxy syn-ack IronMail CipherTrust SMTP Proxy
1 25/tcp open smtp-proxy syn-ack Genua smtprelay
1 25/tcp open smtp syn-ack mailfront smtpd
1 25/tcp open smtp syn-ack hMailServer
1 25/tcp open smtp syn-ack XWall smtpd 3.46
1 25/tcp open smtp syn-ack Winmail smtpd
1 25/tcp open smtp syn-ack WinWebMail smtpd 3.8.1.1
1 25/tcp open smtp syn-ack WinWebMail smtpd 3.8.0.1
1 25/tcp open smtp syn-ack Surgemail smtpd 3.7b8-8
1 25/tcp open smtp syn-ack Sendmail 8.14.4/8.14.1
1 25/tcp open smtp syn-ack Sendmail 8.14.4/8.14
1 25/tcp open smtp syn-ack Sendmail 8.14.4/8.13.1
1 25/tcp open smtp syn-ack Sendmail 8.14.4/8.12.2
1 25/tcp open smtp syn-ack Sendmail 8.14.4/8
1 25/tcp open smtp syn-ack Sendmail 8.14.3/8.13.8
1 25/tcp open smtp syn-ack Sendmail 8.14.2
1 25/tcp open smtp syn-ack Sendmail 8.14.1
1 25/tcp open smtp syn-ack Sendmail 8.14.0/8.14.0
1 25/tcp open smtp syn-ack Sendmail 8.14.0/8.13.8
1 25/tcp open smtp syn-ack Sendmail 8.13.8+Sun/8.13.8
1 25/tcp open smtp syn-ack Sendmail 8.13.6/8.12.9
1 25/tcp open smtp syn-ack Sendmail 8.13.5.20060614/8.13.3
1 25/tcp open smtp syn-ack Sendmail 8.13.4/8.11.6
1 25/tcp open smtp syn-ack Sendmail 8.13.1
1 25/tcp open smtp syn-ack Sendmail 8.12.8/8.12.8
1 25/tcp open smtp syn-ack Sendmail 8.12.5/8.12.5
1 25/tcp open smtp syn-ack Sendmail 8.11.6/8
1 25/tcp open smtp syn-ack Sendmail 8.1
1 25/tcp open smtp syn-ack Rockliffe MailSite 9.0.1.5
1 25/tcp open smtp syn-ack Postfix smtpd (ispCP OMEGA 1.0.2)
1 25/tcp open smtp syn-ack Postfix
1 25/tcp open smtp syn-ack Network Box smtpd
1 25/tcp open smtp syn-ack Mirapoint Messaging Server MOS smtpd 4.1.9-GA Queueing
1 25/tcp open smtp syn-ack Microsoft ESMTP 7.5.7600.16601
1 25/tcp open smtp syn-ack Microsoft ESMTP 7.5.7600.16544
1 25/tcp open smtp syn-ack Microsoft ESMTP 6.0.3790.211
1 25/tcp open smtp syn-ack Microsoft ESMTP 6.0.2600.5512
1 25/tcp open smtp syn-ack Microsoft ESMTP 6.0.2600.3680
1 25/tcp open smtp syn-ack MailMarshal 6.8.3.9481
1 25/tcp open smtp syn-ack MailEnable smptd 4.26--4.26
1 25/tcp open smtp syn-ack MailEnable smptd 4.26--
1 25/tcp open smtp syn-ack MailEnable smptd 4.23--
1 25/tcp open smtp syn-ack MailEnable smptd 4.22--4.22
1 25/tcp open smtp syn-ack MailEnable smptd 4.17--
1 25/tcp open smtp syn-ack MailEnable smptd 3.62--
1 25/tcp open smtp syn-ack MailEnable smptd 0-4.26-
1 25/tcp open smtp syn-ack MailEnable smptd 0-4.25-
1 25/tcp open smtp syn-ack MailEnable smptd 0-4.0-
1 25/tcp open smtp syn-ack MailEnable smptd 0-3.11-3.04
1 25/tcp open smtp syn-ack MailEnable smptd --3.63
1 25/tcp open smtp syn-ack MAILsweeper SMTP proxy
1 25/tcp open smtp syn-ack Lyris ListManager smtpd
1 25/tcp open smtp syn-ack Lotus Domino smtpd 8.5.2
1 25/tcp open smtp syn-ack Lotus Domino smtpd 8.5 HF1086
1 25/tcp open smtp syn-ack Linuxmagic qmail-based smtpd (with Anti-Spam)
1 25/tcp open smtp syn-ack JAMES smtpd 2.3.2
1 25/tcp open smtp syn-ack IceWarp smtpd 10.0.8
1 25/tcp open smtp syn-ack IceWarp smtpd 10.0.7
1 25/tcp open smtp syn-ack IMail NT-ESMTP 9.21 137016-1
1 25/tcp open smtp syn-ack IMail NT-ESMTP 8.22 123846-3
1 25/tcp open smtp syn-ack IMail NT-ESMTP 11.02 19-1
1 25/tcp open smtp syn-ack IMail NT-ESMTP 11.01 7292-1
1 25/tcp open smtp syn-ack IA Mailserver smtpd
1 25/tcp open smtp syn-ack Exim smtpd 4.62
1 25/tcp open smtp syn-ack Exim smtpd 4.42
1 25/tcp open smtp syn-ack Communigate Pro SMTP 5.2.20
1 25/tcp open smtp syn-ack Code-Crafters Ability smtpd 2.63
1 25/tcp open smtp syn-ack ArGoSoft Mail Server Pro 1.8.8.7
1 25/tcp open smtp syn-ack ArGoSoft Freeware smtpd 1.8.8.8
1 25/tcp open smtp syn-ack Alt-N MDaemon mail server 9.6.2
1 25/tcp open smtp syn-ack Alt-N MDaemon mail server 9.5.6
1 25/tcp open smtp syn-ack Alt-N MDaemon mail server 9.0.7
1 25/tcp open smtp syn-ack Alt-N MDaemon mail server 8.1.4
1 25/tcp open smtp syn-ack Alt-N MDaemon mail server 11.0.3
1 25/tcp open smtp syn-ack Alt-N MDaemon mail server 11.0.2
1 25/tcp open smtp syn-ack Alt-N MDaemon mail server 11.0.0
1 25/tcp open smtp syn-ack Alt-N MDaemon mail server 10.0.0
1 25/tcp open smtp syn-ack (Relay not authorized)
1 25/tcp open nagios-nsca syn-ack Nagios NSCA
1 25/tcp open jdwp syn-ack

produced with:

sudo nmap -n -d --log-errors -PS25 -p25 --open -sV -T5 -iR 600000 -oA output_smtp_versions.txt

src: https://blogdata.skullsecurity.org/smtp-versions-count.txt

comparison:

Many kinds of programs and software run on the internet; when it comes to message handling services, a mail transfer agent (MTA) is an application that transfers information from one PC to another using a client–server application architecture. An MTA is responsible for both the client and the server side of SMTP (Simple Mail Transfer Protocol).
A mail server is a computer that serves as an electronic post office for email. Mail exchanged across networks is passed between email servers that run a specially designed application. These application programs are built around agreed-upon, standardized protocols for managing information. Here is the comparison of Postfix vs exim vs sendmail.

You have a choice of MTA on a Linux system: sendmail, postfix, qmail or exim. The selection of an MTA depends on many aspects, such as the following:

  • A good security record
  • Efficiency, with good performance under high load
  • Versatile and clearly understandable files
  • Connect to data source in many formats
  • Many of the SMTP versions in use
  • Quality third-party documentation is available
  • There are important customer communities

Exim
Exim is a mail transfer agent (MTA) used on Unix operating systems. Exim is a free software application distributed under the GNU General Public License, and it is designed to be a standard and versatile mailer with comprehensive features for verifying incoming e-mail.

  • A great number of Exim setups exist, especially at ISPs and at colleges and universities in the UK.
  • Security purpose: Quite good
  • Performance Level: Very good
  • Since: 1995.
  • Community: Large
  • Guides are available for the settings. Not very easy to set up because it simply upgrades the Unix email program idea. But the most significant factor is that this application is not managed and, moreover, it is not purely an open source solution. Exim has had a number of serious security issues diagnosed over the years.

Postfix
Postfix is like qmail, but its interface is Unix-like, so it is simple to set up. Postfix sits between qmail and exim. Postfix is less flexible than Exim, mostly because its major design requirement is security. Personally, I really like postfix.

  • Security purpose: Good record.
  • Performance Level: Excellent
  • Since: 1997
  • Community: Medium-sized
  • Postfix is a free and open-source mail transfer agent that routes and delivers email. Postfix is released under the IBM Public License 1.0, which is a free software license. Originally published in 1997 by IBM.

Sendmail
Now on to sendmail. Sendmail has had many security problems in the past. Now it's a bit improved. Sendmail is delivered as the standard MTA on many a Linux system. It's simple to set up and appropriate for environments where security is not the main concern. Sendmail is the most well-known MTA.

  • Security purpose: Not the best, but still better than all past versions
  • Performance Level: Ok for many
  • Since: 1982
  • Community: Large
  • Sendmail is a general-purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods, including SMTP.

src & credits: https://hoststud.com/resources/comparison-between-mtas-postfix-vs-exim-vs-sendmail.158/
