id: mx-service-detector info: name: Email Service Detector author: binaryfigments severity: info description: An email service was detected. Check the email service or spam filter that is used for a domain. classification: cwe-id: CWE-200 metadata: max-request: 1 tags: dns,service dns: - name: "{{FQDN}}" type: MX matchers-condition: or matchers: - type: word name: "Office 365" words: - "mail.protection.outlook.com" - type: word name: "Google Apps" words: - "aspmx2.googlemail.com" - "aspmx3.googlemail.com" - "alt1.aspmx.l.google.com" - "alt2.aspmx.l.google.com" - "aspmx.l.google.com" - type: word name: "ProtonMail" words: - "mail.protonmail.ch" - "mailsec.protonmail.ch" - type: word name: "Zoho Mail" words: - "mx.zoho.eu" - "mx2.zoho.eu" - "mx3.zoho.eu" - type: word name: "ForcePoint Email Security" words: - "in.mailcontrol.com" - type: word name: "E-Zorg NL" words: - "spamfilter02.ezorg.nl" - "spamfilter01.ezorg.nl" - "spamfilter.ezorg.nl" - "spamfilter03.ezorg.nl" - type: word name: "Kerio Cloud EU" words: - "mx1.eu1.kerio.cloud" - "mx2.eu1.kerio.cloud" - type: word name: "Kerio Cloud US" words: - "mx1.us1.kerio.cloud" - "mx2.us1.kerio.cloud" - "mx3.us1.kerio.cloud" - type: word name: "Proofpoint EU" words: - "mx1-eu1.ppe-hosted.com" - "mx2-eu1.ppe-hosted.com" - type: word name: "Proofpoint US" words: - "mx1-us1.ppe-hosted.com" - "mx2-us1.ppe-hosted.com" # digest: 4b0a0048304602210099a2fc7473ed27cd6def422387ade50932830f42a13a93928782b060f911f4bf0221009505a43f95011404d692365315d646406918c54d2829546a2312d4d67440ac0e:922c64590222798bb761d5b6d8e72950