Vulnerable SMTP Report

LAST UPDATED: 2021-11-12

This report contains a list of vulnerable SMTP servers found by our daily IPv4 full Internet scans.

As of 2021-05-19 it contains a list of vulnerable Exim servers found through our scans, based on vulnerable Exim version information as provided in Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim.

Please note in the future it will be expanded with additional vulnerabilities, which may be non-Exim.

This scan contains information on services with the following Exim vulnerabilities:

Please note: The above information is based on banner version information collected during the SMTP scan, hence there is a possibility of False Positive reports. If you believe a report is a False Positive, please let us know along with the details of the SMTP server/patch in question.

The report excludes Ubuntu Exim versions >= 4.82 and Debian Exim versions >= 4.89 as it is not possible to determine based on the banner whether the following patches below have been applied:

The following tables shows example mappings that are applied (aside from Ubuntu Exim versions >= 4.82 and Debian Exim versions >= 4.89):

Banner Tag
ESMTP Exim 4.94.2 smtp
ESMTP Exim 4.94.0 smtp;21nails
ESMTP Exim 4.92 smtp;21nails
ESMTP Exim 4.91 smtp;cve-2020-28020

Please note vulnerable Microsoft Exchange servers are reported out in a separate Vulnerable Exchange Server report.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report comes in 2 versions, IPv4 and IPv6.

Filenames: scan_smtp_vulnerable, scan6_smtp_vulnerable

Fields

  • timestamp
    Timestamp when the IP was seen in UTC+0
  • ip
    IP of the affected device
  • port
    Port response was received from
  • hostname
    Hostname of the affected device (may be from reverse DNS)
  • tag
    Array of tags. This could be for example smtp;21nails or smtp;cve-2020-28020
  • asn
    AS of the affected device
  • geo
    Country of the affected device
  • region
    Region of the affected device
  • city
    City of the affected device
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • banner
    SMTP server banner collected

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","banner"
"2021-05-14 07:08:12","66.228.x.x","tcp",25,"xxx.members.linode.com","smtp;cve-2020-28020",63949,"US","NEW JERSEY","CEDAR KNOLLS",518210,,"220 localhost.localdomain ESMTP Exim 4.89 Fri, 14 May 2021 07:08:13 +0000|"
"2021-05-14 07:08:12","185.148.x.x","tcp",25,"vps026.xxx.cloud","smtp;21nails",15830,"IT","SAVONA","LOANO",,,"220 vps026.xxx.cloud ESMTP Exim 4.94 Fri, 14 May 2021 09:08:12 +0200|"
"2021-05-14 07:08:12","193.124.x.x","tcp",25,"xxx.xxx.ru","smtp;21nails",35196,"RU","MOSKVA","MOSCOW",,,"220 xxx.xxx.ru ESMTP Exim 4.92.3 Fri, 14 May 2021 10:08:12 +0300|"
"2021-05-14 07:08:12","122.152.x.x","tcp",25,,"smtp;cve-2020-28020",45090,"CN","BEIJING SHI","HAIDIAN",518210,,"220 localhost ESMTP Exim 4.84_2 Fri, 14 May 2021 15:08:13 +0800|"
"2021-05-14 07:08:12","138.99.x.x","tcp",25,"m16.xxx.inf.br","smtp;21nails",52686,"BR","SAO PAULO","PEDREIRA",,,"220 m16.xxx.inf.br ESMTP Exim 4.92.3 Fri, 14 May 2021 04:08:13 -0300|"
"2021-05-14 07:08:12","82.146.x.x","tcp",25,"shina-xxx.ru","smtp;cve-2020-28020",29182,"US","NEW YORK","NEW YORK",,,"220 shina-xxx.ru ESMTP Exim 4.89 Fri, 14 May 2021 10:08:13 +0300|"
"2021-05-14 07:08:12","188.210.x.x","tcp",25,"188210xxx.xxx-mail.eu","smtp;21nails",50599,"PL","MAZOWIECKIE","WARSAW",,,"220 h21.xxx.pl ESMTP Exim 4.94 Fri, 14 May 2021 09:08:13 +0200|"

Our 119 Report Types