Re: [Exim] SMTP banner

Author: Michael J. Tubby B.Sc (Hons) G8TIC
Date:  
To: exim-users
Subject: Re: [Exim] SMTP banner
> Peter Radcliffe wrote:
>
> > Philip Hazel <ph10@???> probably said:
> >
> >>Does anybody have any strong feelings about what the default banner
> >>should be? (Any one site can of course change it, by setting
> >>"smtp_banner".) It does seem silly to output the compile number and
> >>date/time, now I come to think about it. Do any of these find favour?
> >>
> >>smtp_banner = Exim ready
> >>smtp_banner = Exim ESMTP server ready
> >>smtp_banner = ESMTP server ready
> >>smtp_banner = OK
> >>smtp_banner = ESMTP session initiated
> >>
> >>Or something else?
> >>
> >
> > I'd vote for;
> >
> > smtp_banner = $primary_hostname ESMTP $tod_full
> >
>
> I think you need to, at least, allow for $primary_hostname to be
> omitted. I'm not a fan of security by obscurity either, but I have
> worked at a number of places (a bank comes to mind) where policy states
> that no identifying information can be displayed in a welcome message
> (in fact for dialup logins, you don't even GET a welcome message, you
> have to know what to type in a blank screen). In such a case, you'd
> need to drop the hostname just to please the bean counters.
>
> derek
>
>


I'd vote for having no default at all and explicitly setting smtp_banner in
the global section of the config file that ships with Exim to something
like:

    smtp_banner = $primary_hostname Exim $version ESMTP $tod_full


with a little commented section above it saying what macros are supported
for substitution and why the banner should exist and be RFC compliant but
noting the fact that any level of obscurity can be used - even if it breaks
other MTAs by not being RFC compliant.

Then (hopefully) everyone will be happy ;~)


Mike
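
An added example, not part of the original thread or of Exim: a small Python check that classifies an SMTP greeting line by the two properties discussed above, whether it has the RFC greeting shape and what software detail it discloses. It assumes the RFC 5321 greeting syntax (220, then the server's domain or address literal, then optional text); the function name, the product list and the sample banners with `mail.example.org` are constructed for illustration.

```python
import re

# RFC 5321 section 4.2: Greeting = "220 " (Domain / address-literal) [ SP textstring ]
GREETING = re.compile(r"^220[ -](\S+)(?: (.*))?$")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
# Assumption: require a dot so words like "OK" or "Exim" are not taken for a hostname.
FQDN = re.compile(rf"^(?:{LABEL}\.)+{LABEL}$")
ADDR_LITERAL = re.compile(r"^\[[^\]\s]+\]$")
PRODUCT = re.compile(r"\b(exim|postfix|sendmail)\b", re.I)  # sample list, extend as needed
VERSION = re.compile(r"\b\d+(?:\.\d+)+\b")                  # dotted release number
BUILD = re.compile(r"#(\d+)\b")                             # compile number such as "#2"


def audit_banner(line):
    """Classify one 220 greeting line: RFC shape and what it discloses."""
    result = {"rfc_greeting": False, "host": None,
              "product": None, "version": None, "build": None}
    m = GREETING.match(line.rstrip("\r\n"))
    if not m:
        return result  # not a 220 reply at all
    first, text = m.group(1), m.group(2) or ""
    if FQDN.match(first) or ADDR_LITERAL.match(first):
        result["rfc_greeting"] = True
        result["host"] = first
    else:
        # No hostname in first position: everything after the code is free text.
        text = f"{first} {text}".strip()
    for key, pattern in (("product", PRODUCT), ("version", VERSION), ("build", BUILD)):
        hit = pattern.search(text)
        if hit:
            # BUILD captures the digits in group 1; the others use the whole match.
            result[key] = hit.group(1) if key == "build" else hit.group(0)
    return result


if __name__ == "__main__":
    # Constructed sample banners, as a server would send them on connect.
    samples = [
        "220 mail.example.org ESMTP Exim 3.14 #2 Tue, 02 Mar 1999 10:15:00 +0000",
        "220 mail.example.org ESMTP Tue, 02 Mar 1999 10:15:00 +0000",
        "220 Exim ESMTP server ready",
        "220 OK",
    ]
    for s in samples:
        print(s, "->", audit_banner(s))
```
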