Vulnerable SMTP Report

LAST UPDATED: 2021-11-12

This report contains a list of vulnerable SMTP servers found by our daily IPv4 full Internet scans.

As of 2021-05-19 it contains a list of vulnerable Exim servers found through our scans, based on vulnerable Exim version information as provided in Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim.

Please note in the future it will be expanded with additional vulnerabilities, which may be non-Exim.

This scan contains information on services with the following Exim vulnerabilities:

21nails – the vulnerability set uncovered by Qualys
CVE-2020-28020 (unauthenticated RCE as “exim”, in Exim < 4.92), also covered by the 21nails Qualys advisory but distinctly tagged.

Please note: The above information is based on banner version information collected during the SMTP scan, hence there is a possibility of False Positive reports. If you believe a report is a False Positive, please let us know along with the details of the SMTP server/patch in question.

The report excludes Ubuntu Exim versions >= 4.82 and Debian Exim versions >= 4.89 as it is not possible to determine based on the banner whether the following patches below have been applied:

The following tables shows example mappings that are applied (aside from Ubuntu Exim versions >= 4.82 and Debian Exim versions >= 4.89):

Banner	Tag
ESMTP Exim 4.94.2	smtp
ESMTP Exim 4.94.0	smtp;21nails
ESMTP Exim 4.92	smtp;21nails
ESMTP Exim 4.91	smtp;cve-2020-28020

Please note vulnerable Microsoft Exchange servers are reported out in a separate Vulnerable Exchange Server report.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_smtp_vulnerable, scan6_smtp_vulnerable

Fields

timestamp

Timestamp when the IP was seen in UTC+0
ip

IP of the affected device
port

Port response was received from
hostname

Hostname of the affected device (may be from reverse DNS)
tag

Array of tags. This could be for example smtp;21nails or smtp;cve-2020-28020
asn

AS of the affected device
geo

Country of the affected device
region

Region of the affected device
city

City of the affected device
naics

North American Industry Classification System Code
sic

Standard Industrial Classification System Code
banner

SMTP server banner collected

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","banner"
"2021-05-14 07:08:12","66.228.x.x","tcp",25,"xxx.members.linode.com","smtp;cve-2020-28020",63949,"US","NEW JERSEY","CEDAR KNOLLS",518210,,"220 localhost.localdomain ESMTP Exim 4.89 Fri, 14 May 2021 07:08:13 +0000|"
"2021-05-14 07:08:12","185.148.x.x","tcp",25,"vps026.xxx.cloud","smtp;21nails",15830,"IT","SAVONA","LOANO",,,"220 vps026.xxx.cloud ESMTP Exim 4.94 Fri, 14 May 2021 09:08:12 +0200|"
"2021-05-14 07:08:12","193.124.x.x","tcp",25,"xxx.xxx.ru","smtp;21nails",35196,"RU","MOSKVA","MOSCOW",,,"220 xxx.xxx.ru ESMTP Exim 4.92.3 Fri, 14 May 2021 10:08:12 +0300|"
"2021-05-14 07:08:12","122.152.x.x","tcp",25,,"smtp;cve-2020-28020",45090,"CN","BEIJING SHI","HAIDIAN",518210,,"220 localhost ESMTP Exim 4.84_2 Fri, 14 May 2021 15:08:13 +0800|"
"2021-05-14 07:08:12","138.99.x.x","tcp",25,"m16.xxx.inf.br","smtp;21nails",52686,"BR","SAO PAULO","PEDREIRA",,,"220 m16.xxx.inf.br ESMTP Exim 4.92.3 Fri, 14 May 2021 04:08:13 -0300|"
"2021-05-14 07:08:12","82.146.x.x","tcp",25,"shina-xxx.ru","smtp;cve-2020-28020",29182,"US","NEW YORK","NEW YORK",,,"220 shina-xxx.ru ESMTP Exim 4.89 Fri, 14 May 2021 10:08:13 +0300|"
"2021-05-14 07:08:12","188.210.x.x","tcp",25,"188210xxx.xxx-mail.eu","smtp;21nails",50599,"PL","MAZOWIECKIE","WARSAW",,,"220 h21.xxx.pl ESMTP Exim 4.94 Fri, 14 May 2021 09:08:13 +0200|"

Our 134 Report Types

« Back to Network Reporting