Re: [Exim] hiding software type & version

Top Page
Delete this message
Reply to this message
Author: Dennis Davis
Date:  
To: Nico Erfurth
CC: exim-users
Subject: Re: [Exim] hiding software type & version
>Date: Mon, 23 Dec 2002 14:24:06 +0100 (CET)
>From: Nico Erfurth <masta@???>
>To: Dennis Davis <D.H.Davis@???>
>cc: Timothy Arnold <timothy.arnold@???>,
>    "exim-users@???" <exim-users@???>
>Subject: Re:  [Exim] hiding software type & version

>
>On Mon, 23 Dec 2002, Dennis Davis wrote:
>
>> >From: Timothy Arnold <timothy.arnold@???>
>> >To: 'Suresh Ramasubramanian' <mallet@???>,
>> >    Timothy Arnold <timothy.arnold@???>
>> >Cc: "'exim-users@???'" <exim-users@???>
>> >Subject: RE: [Exim] hiding software type & version
>> >Date: Mon, 23 Dec 2002 11:58:51 -0000

>> >
>> >I realize that there might be other methods for determining what
>> >version of MTA/OS I am running, but why give a scriptkiddie an easy
>> >ride?
>>
>> Quite. I'm happy to do this with most s/w *providing* it's
>> cheap to do. My exim configuration files usually include
>> the following somewhere in the main configuration section:
>>
>> # Let's go almost minimal on the SMTP greeting banner. This is
>> # obviously only relevant if we are listening on the SMTP port.
>> smtp_banner = "${primary_hostname} SMTP Server ready."
>
>you should do
>
>smtp_banner = "${primary_hostname} ESMTP Server ready."
>
>IIRC a server SHOULD announce that it understands ESMTP.
>There was a discussion on exim-users some months ago.


I'll take that as SHOULD as usually defined in the RFCs and not a
MUST as defined in the RFCs. I find little mention of using ESMTP
in the banner greeting of an SMTP server in the appropriate RFC. My
reading of RFC2821 indicates that a client should determine what, if
any extensions are supported, by the response to an EHLO command.
And should even be prepared to have the EHLO command not recognised
and fall back to using the HELO command [1].

Please correct me in I'm wrong, but we've received no complaints
about the use of SMTP, instead of ESMTP, in our banner greetings.
No-one has complained that this has stopped them talking to us.
Certainly mail on this list gets through to me OK despite having to
pass through such anachronistic mail servers :-)

[1] One of the mail systems in use here is MMDF.  And the released
    version certainly doen't know of the EHLO command.  I've
    modified our copy so that the SMTP listener does recognise this
    command.  But this is an example of a mail system in use that
    may not know of the EHLO command.