Quoth Matt Bernstein on Wed, Jan 02, 2002: > I know someone (who shall remain nameless :) who changed his banner to
> hide the version number and MTA name. But if you telnet in to port 25 and
> type "help" it tells you "This is sendmail version 8.10.0".
Gah.
> I don't know
> if that's secure or not, but if it's not known insecure, why hide it?
Exim has a good security record, but if some security hole gets
discovered in the version of Exim I'm running, I don't want to
receive breakin attempts from every script kiddie in the world
immediately.
I'm also opposed to the web browsers sending their names and
version numbers and the names of operating systems they're
running on with each HTTP request. When secure operating systems
and applications become an "industry standard" I may change my
mind.
I think I'll configure Exim to say the default banner on
connections from localhost but hide the name and version on
other connections. In fact, I configured it and it works. [It
was me who asked Philip about it in first place.]
Vadik.
--
The ill-formed Orange
Fails to satisfy the eye:
Segmentation fault.
