Re: [exim] Hidden Exim version number

Author: Dennis Davis
Date:  
To: exim users
Subject: Re: [exim] Hidden Exim version number
On Thu, 16 Sep 2010, W B Hacker wrote:

> From: W B Hacker <wbh@???>
> To: exim users <exim-users@???>
> Date: Thu, 16 Sep 2010 10:39:18
> Subject: Re: [exim] Hidden Exim version number
>
> Michael Chung wrote:
> > Dear All,
> >
> > I want to hide the version number of my exim SMTP server. I am using Exim
> > 4.70 now. But I do not want anyone to know the version for security reasons.
> >
> > When I telnet to my SMTP server with port 25, I got the following
> >
> > 220 mai.xxx.com ESMTP Exim 4.70 Wed, 15 Sep 2010 18:33:07 +0800
> >
> > Can I hide the version number?
> >
> > Thank you very much!
> >
> > Michael
>
> Michael,
>
> See other responses in re using a banner that does not reveal the
> software.
>
> conducive.org/net answer to a telnet connection with TOD only, for
> example.
>
> But therein lies a tale - that is only a part of the battle, and
> possibly the least important part.
>
> Outgoing traffic will still carry the Exim and version
> identification you 'may' be seeking to conceal.
>
> Note my own posts to this list show:
>
> '...by conducive.net with esmtp (Exim 4.69 (FreeBSD)) '
>
> I've never looked at where THAT needs to be customized, but
> obviously, customizing the smtp banner alone is not enough.


It's the received_header_text in the main configuration that needs
to be modified to remove the exim version number etc.

> ...hopefully one of the wiser folks will chip in....


A long time ago, when I thought I was far more paranoid, I used to
change both the received_header_text and the SMTP greeting. Here's
the appropriate snippet from the configuration I used:

# A multi-line response is said to confuse some ratware.  So, as
# it's cheap, we'll buy into this.  We'll also lie about who we are.
smtp_banner = Greetings from MMDF-2.44.\n\
              I'm pleased to meet you.\n\
              ${primary_hostname} SMTP Server ready.


# We'll also be shy about announcing who we are on the Received
# lines we generate.  Also hide the IP addresses of authenticated
# users.  No need to expose their home machines to the unwashed
# masses.  The information is in the logs if we ever need it.
received_header_text = Received: \
  ${if and {{def:sender_host_address}{def:authenticated_id}}\
    {from authenticated user }\
    {${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
     {${if def:sender_ident {from ${quote_local_part:$sender_ident} }}\
     ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}}}\
  by $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_cipher {($tls_cipher)}}\
  \n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}


I'm not sure that all this is necessary now my paranoia is partially
cured.  But I'd still hide the IP address of authenticated users.
It's a small snippet of information that I see no reason to leak to
the outside world.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101
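
A check for the two places this thread identifies as disclosing the version, the SMTP greeting and the Received: line, written as an added example that is not part of the message above or of Exim itself. The host name, addresses and message id are constructed samples, and it assumes authenticated submissions are marked "esmtpa" or "esmtpsa" (RFC 3848) in the Received: line.

```python
import re
from email import message_from_string

# "Exim 4.70" in a greeting, "(Exim 4.69 (FreeBSD))" in a Received: line.
EXIM_VERSION = re.compile(r"\bExim\s+(\d+\.\d+(?:\.\d+)?)")
# Bracketed IPv4 literal, the form in which the client address is recorded.
IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Assumption: authenticated submissions carry "with esmtpa" / "with esmtpsa".
AUTH_PROTOCOL = re.compile(r"\bwith esmtps?a\b")

def audit_banner(banner):
    """Findings for an SMTP greeting, which may span several lines."""
    return [("banner-version", m.group(1))
            for line in banner.splitlines()
            for m in [EXIM_VERSION.search(line)] if m]

def audit_received(raw_message, our_host):
    """Findings for the Received: lines that our_host itself added."""
    findings = []
    for value in message_from_string(raw_message).get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        if f" by {our_host} " not in text:      # skip other hosts' headers
            continue
        version = EXIM_VERSION.search(text)
        if version:
            findings.append(("received-version", version.group(1)))
        client = IP_LITERAL.search(text.split(" by ", 1)[0])
        if AUTH_PROTOCOL.search(text) and client:
            findings.append(("authenticated-client-ip", client.group(1)))
    return findings

# Constructed samples: stock-style header versus one in the rewritten format.
LEAKY = ("Received: from [192.0.2.10] (helo=laptop)\n"
         "\tby mail.example.org with esmtpa (Exim 4.70)\n"
         "\t(envelope-from <user@example.org>)\n"
         "\tid 1Ow0aB-0001Xy-2C; Wed, 15 Sep 2010 18:33:07 +0800\n"
         "Subject: test\n\nbody\n")
HARDENED = ("Received: from authenticated user\n"
            "\tby mail.example.org with esmtpa\n"
            "\t(envelope-from <user@example.org>)\n"
            "\tid 1Ow0aB-0001Xy-2C; Wed, 15 Sep 2010 18:33:07 +0800\n"
            "Subject: test\n\nbody\n")

if __name__ == "__main__":
    print(audit_banner("220 mail.example.org ESMTP Exim 4.70 Wed, 15 Sep 2010"))
    print(audit_received(LEAKY, "mail.example.org"))
    print(audit_received(HARDENED, "mail.example.org"))
```

Run it against a captured greeting and a message that has passed through the server after changing smtp_banner and received_header_text; an empty list from both functions means neither location still shows the version or an authenticated client's address.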