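# Nuclei DNS template: requests the MX records of the target name and labels
# the hosted mail or mail-filtering service they point at.
# Informational only: a hit describes mail routing, it is not a vulnerability.
id: mx-service-detector

info:
  name: Email Service Detector
  author: binaryfigments
  severity: info
  description: An email service was detected. Check the email service or spam filter that is used for a domain.
  classification:
    # MX records are public DNS data by design, so read a result as asset
    # inventory (which provider fronts inbound mail), not as a leak to fix.
    cwe-id: CWE-200
  metadata:
    # One DNS query per target, matching the single entry under `dns`.
    max-request: 1
  tags: dns,service

dns:
  - name: "{{FQDN}}"
    type: MX

    # `or`: one matching block is enough to report. Each matcher is named, so
    # the name is what identifies the provider in the result.
    #
    # Limits to keep in mind when reading results:
    # - `word` matchers are plain substring tests and no `part` is set, so the
    #   default response part is searched. A provider string that appears
    #   inside a longer, unrelated hostname would also match.
    # - No `case-insensitive` option is set; MX targets published in a
    #   different case would presumably be missed (confirm against the engine).
    # - The list is fixed and partly regional (for example only the .eu Zoho
    #   hosts and the eu1/us1 Kerio and Proofpoint hosts). No match means
    #   "not one of these hosts", not "no mail service".
    matchers-condition: or
    matchers:
      - type: word
        name: "Office 365"
        words:
          - "mail.protection.outlook.com"

      - type: word
        name: "Google Apps"
        words:
          - "aspmx2.googlemail.com"
          - "aspmx3.googlemail.com"
          # With substring matching the alt1/alt2 entries are already covered
          # by "aspmx.l.google.com" below; they are kept as published.
          - "alt1.aspmx.l.google.com"
          - "alt2.aspmx.l.google.com"
          - "aspmx.l.google.com"

      - type: word
        name: "ProtonMail"
        words:
          - "mail.protonmail.ch"
          - "mailsec.protonmail.ch"

      - type: word
        name: "Zoho Mail"
        words:
          - "mx.zoho.eu"
          - "mx2.zoho.eu"
          - "mx3.zoho.eu"

      - type: word
        name: "ForcePoint Email Security"
        words:
          - "in.mailcontrol.com"

      - type: word
        name: "E-Zorg NL"
        words:
          - "spamfilter02.ezorg.nl"
          - "spamfilter01.ezorg.nl"
          - "spamfilter.ezorg.nl"
          - "spamfilter03.ezorg.nl"

      - type: word
        name: "Kerio Cloud EU"
        words:
          - "mx1.eu1.kerio.cloud"
          - "mx2.eu1.kerio.cloud"

      - type: word
        name: "Kerio Cloud US"
        words:
          - "mx1.us1.kerio.cloud"
          - "mx2.us1.kerio.cloud"
          - "mx3.us1.kerio.cloud"

      - type: word
        name: "Proofpoint EU"
        words:
          - "mx1-eu1.ppe-hosted.com"
          - "mx2-eu1.ppe-hosted.com"

      - type: word
        name: "Proofpoint US"
        words:
          - "mx1-us1.ppe-hosted.com"
          - "mx2-us1.ppe-hosted.com"
# The digest below is the publisher's signature over the template as released.
# NOTE(review): any edit to this file, likely including comment-only edits,
# leaves it stale; re-sign before relying on the template being reported as
# verified, and treat a digest mismatch on a fetched copy as a reason to
# re-pull from the trusted source.
# digest: 4b0a0048304602210099a2fc7473ed27cd6def422387ade50932830f42a13a93928782b060f911f4bf0221009505a43f95011404d692365315d646406918c54d2829546a2312d4d67440ac0e:922c64590222798bb761d5b6d8e72950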