Autor: John Ward Data: Dla: Suresh Ramasubramanian, Timothy Arnold CC: 'exim-users@exim.org' Temat: Re: [Exim] hiding software type & version
Sounds like another poor company falling prey to "Auditors". Boy are they in
for a good money spending session.
On Monday 23 December 2002 01:43 pm, Suresh Ramasubramanian wrote: > On Mon, 2002-12-23 at 16:48, Timothy Arnold wrote:
> > Hello,
> > does anyone know in v3/4 how to remove the software type & version of
> > Exim during smtp communication? We recently had an internet security scan
> > performed and they recommended that we remove this information.
>
> Oh, yet another "security by obscurity" measure? That won't ever work
> and is utterly stupid.
>
> You might want to tell whichever "expert" recommended this that there
> are quite a few other ways to fingerprint an MTA - and a whole OS.
>
> Then look for smtp_banner
>
> As long as the idiots don't have you stick a cisco pix in front of your
> exim ...
>