hi ,,
i am wondering how can i detect the mail server ,,
suppose we have a net work and there is mail server ,,
how can i detect it ,,
i hear things about Dns query but actually i don't know how ,,
thanks
Printable View
hi ,,
i am wondering how can i detect the mail server ,,
suppose we have a net work and there is mail server ,,
how can i detect it ,,
i hear things about Dns query but actually i don't know how ,,
thanks
The way you have to do it is, read/write from/to the socket. Once you comes with the exception you can decide that server is not detected or not connected. Actually to detect the server you must know the IP and Post.
On a good operating system, if you want to know the public SMTP mail server for foo.com, enterQuote:
Originally Posted by iqcst
That doesn't mean its the only server, but it is the public one.Code:dig foo.com MX
You did not specify if you want outgoing SMTP or incoming POP3 or IMAP They may and often are different.
What do you know about the network? is it public? NAT'd behind a firewall?
etc?
actually i want to discover where is the smtp server !!Quote:
Actually to detect the server you must know the IP and Post.
i have an assignment to discover the botnet who send spam to the smtp server ,,
its first discover the network looking for server ..
all my concern is output smtp ,, i want to prevent the spam in netwrok ,,Quote:
You did not specify if you want outgoing SMTP or incoming POP3 or IMAP They may and often are different.
suppose its lan network and there is a server "mail server"
iam really appreciate your help friends
and i will discover dig command more in my ubunto pc :)
thanks
If you don't know or can't rely upon the DNS/bind/named, you could exhaustivly search the subnet. Just get the IP address of your machine, and try all possible values from 1 to 254 of the last octet.
I'm not sure how talking to the outgoing SMTP server will help debug your botnet. While its easy to use an existing SMTP server, clever bots can just do it all direct. They can fake headers and make it look like your server is sending it, but its really some user in the warehouse with an infected Windows box.