From e81bf513ccdf7198a1aa8592e4033b5c6b18982b Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 5 Oct 2023 17:49:14 +0530
Subject: [PATCH] Update exim-detect.yaml

---
 network/detection/exim-detect.yaml | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/network/detection/exim-detect.yaml b/network/detection/exim-detect.yaml
index 0ac76b9fd5..d9f5e2ab29 100644
--- a/network/detection/exim-detect.yaml
+++ b/network/detection/exim-detect.yaml
@@ -1,30 +1,28 @@
 id: exim-detect
 
 info:
-  name: Exim Detect
+  name: Exim - Detect
   author: ricardomaia
   severity: info
   description: |
-    Exim is a message transfer agent (MTA) distributed over GNU General Public License.
+    Exim can accept messages from remote hosts using SMTP over TCP/IP, and as well as from local processes. It handles local deliveries to mailbox files or to pipes attached to commands, as well as remote SMTP deliveries to other hosts.
   reference:
     - https://www.exim.org/docs.html
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
     cwe-id: CWE-200
   metadata:
-    max-request: 1
     verified: true
-  tags: network,detect,smtp,mail
+    shodan-query: product:"Exim smtpd"
+  tags: network,detect,smtp,mail,exim
 
 tcp:
   - inputs:
-      - data: ""
+      - data: "\n"
 
     host:
-      - "{{Hostname}}:25"
-      - "{{Hostname}}:2525"
-      - "{{Hostname}}:465"
-      - "{{Hostname}}:587"
+      - "{{Hostname}}"
+    port: 587
 
     matchers:
       - type: word