On Wed, Jan 02, 2002 at 09:40:37AM -0500, Derek Broughton wrote:
> I think you need to, at least, allow for $primary_hostname to be
> omitted. I'm not a fan of security by obscurity either, but I have

Already this is possible by using the smtp_banner command, my
understanding was what to make the compile-time default.
And anyway, you'll probably know what the primary_hostname is anyway,
because of having done the MX lookup.

> worked at a number of places (a bank comes to mind) where policy states
> that no identifying information can be displayed in a welcome message
> (in fact for dialup logins, you don't even GET a welcome message, you
> have to know what to type in a blank screen). In such a case, you'd
> need to drop the hostname just to please the bean counters.

This is the same logic that doesn't allow reverse DNS from these places,
isn't it. I, as yet, fail to see how this increases security in the
slightest. Especially with rDNS, where you can often find out who owns
the netblock from the registries anyway. Yuck.

MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/