Re: [exim] Hidden Exim version number

Top Pagina
Delete this message
Reply to this message
Auteur: Dennis Davis
Datum:  
Aan: exim users
Onderwerp: Re: [exim] Hidden Exim version number
On Thu, 16 Sep 2010, W B Hacker wrote:

> From: W B Hacker <wbh@???>
> To: exim users <exim-users@???>
> Date: Thu, 16 Sep 2010 10:39:18
> Subject: Re: [exim] Hidden Exim version number
>
> Michael Chung wrote:
> > Dear All,
> >
> > I want to hidden the version number of my exim SMTP server. I am using Exim
> > 4.70 now. But I does not want any one to know the for security reason.
> >
> > When I telnet to my SMTP server with port 25, I got the following
> >
> > 220 mai.xxx.com ESMTP Exim 4.70 Wed, 15 Sep 2010 18:33:07 +0800
> >
> > Can I hidden the version number?
> >
> > Thank you very much!
> >
> > Michael
>
> Michael,
>
> See other responses in re using a banner that does not reveal the
> software.
>
> conducive.org/net answer to a telnet conenction with TOD only, for
> example.
>
> But therein lies a tale - that is only a part of the battle, and
> possibly the least important part.
>
> Outgoing traffic will still carry the Exim and version
> identification you 'may' be seeking to conceal.
>
> Note my own posts to this list show:
>
> '...by conducive.net with esmtp (Exim 4.69 (FreeBSD)) '
>
> I've never looked at where THAT needs to be customized, but
> obviously, customizing the smtp banner alone is not enough.


It's the received_header_text in the main configuration that needs
to be modified to remove the exim version number etc.

> ...hopefully one of the wiser folks will chip in....


A long time ago, when I thought I was far more paranoid, I used to
change both the received_header_text and the SMTP greeting. Here's
the appropriate snippet from the configuration I used:

# A multi-line response is said to confuse some ratware.  So, as
# it's cheap, we'll buy into this.  We'll also lie about who we are.
smtp_banner = Greetings from MMDF-2.44.\n\
              I'm pleased to meet you.\n\
              ${primary_hostname} SMTP Server ready.


# We'll also be shy about announcing who we are on the Received
# lines we generate.  Also hide the IP addresses of authenticated
# users.  No need to expose their home machines to the unwashed
# masses.  The information is in the logs if we ever need it.
received_header_text = Received: \
  ${if and {{def:sender_host_address}{def:authenticated_id}}\
    {from authenticated user }\
    {${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
     {${if def:sender_ident {from ${quote_local_part:$sender_ident} }}\
     ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}}}\
  by $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_cipher {($tls_cipher)}}\
  \n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}


I'm not sure that all this is necessary now my paranoia is partially
cured.  But I'd still hide the IP address of authenticated users.
It's a small snippet of information that I see no reason to leak to
the outside world.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101