Re: [exim] Hidden Exim version number

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date:  
To: Michael Chung, exim-users
Subject: Re: [exim] Hidden Exim version number


--On 15 September 2010 19:15:40 +0800 Michael Chung
<michaelchung@???> wrote:

> Dear All,
>
> I want to hidden the version number of my exim SMTP server. I am using
> Exim 4.70 now. But I does not want any one to know the for security
> reason.
>
> When I telnet to my SMTP server with port 25, I got the following
>
> 220 mai.xxx.com ESMTP Exim 4.70 Wed, 15 Sep 2010 18:33:07 +0800
>
> Can I hidden the version number?


You can (and others have said how), but there's no point. The only reason
I've heard is "security", but if you're running software with a security
bug, then a hacker will not check the version number (which could be hidden
or faked) before attempting to exploit the bug. Heck, they probably won't
even check whether you are running Exim.

On the other hand, displaying version numbers can make it easier for
helpful people to help you. Including alerting you to security updates.

If I have interoperability problems with a remote site, one thing I do is
try to find out what software they're running, and what version, so that I
can help them to fix any problems on their end.

> Thank you very much!
>
> Michael




--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/