Re: [exim] Exim usage numbers?

Author: Olaf Hopp
Date:  
To: exim-users
Subject: Re: [exim] Exim usage numbers?
On 9/7/19 12:13 PM, Cyborg via Exim-users wrote:
> Hi,
>
> several press publications about the exim exploit give different exim
> installation numbers.
>
>
> The Hacker News: "...which runs almost 60% of the internet's email
> servers today..."
>                                 "...leaving at least over half a million
> email servers vulnerable to remote hackers..."
>
> Heise Security: "Shodan names over 5 million servers
> <https://www.shodan.io/report/vRKzLpdS>; 175.000 in Germany alone"
>
> Wikipedia: "In August 2019 a study performed by E-Soft, Inc.,^[3]
> <https://en.wikipedia.org/wiki/Exim#cite_note-3> approximately 57% of
> the publicly reachable mail-servers on the Internet ran Exim. "
>
> The question is, what is the reality?
>


The way they count is by inspecting the answer
on the SMTP connect.

If the answer matches "exim" they add one.
I'm using Exim but I have configured
     smtp_banner = $smtp_active_hostname ESMTP $tod_full
I have even further tweaked the received lines to suppress
the default of
    [...] (Exim ${version_number} #${compile_number}) [...]
with the "received_header_text" option.
So I'm hiding it, and my Exim doesn't get counted.


But I will also never expose a probably vulnerable MTA version to outsiders.


Olaf


--
Karlsruher Institut für Technologie (KIT)
ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik

Dipl.-Geophys. Olaf Hopp
- Head of IT Services -

Am Fasanengarten 5, Gebäude 50.34, Raum 009
76131 Karlsruhe
Phone: +49 721 608-43973
Fax: +49 721 608-46699
E-Mail: Olaf.Hopp@???
www.atis.informatik.kit.edu

www.kit.edu

KIT - The Research University in the Helmholtz Association

KIT has been certified as a family-friendly university since 2010.
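
The counting method described in the message, as an added example that is not part of the original post: a sketch of how a banner survey could classify SMTP greetings, showing that a greeting produced by the customised `smtp_banner` setting goes uncounted. The sample greetings, host names and function names are constructed for illustration.

```python
import re

# Constructed sample greetings (not captured from real servers).
SAMPLE_GREETINGS = {
    # Banner that names the product and version.
    "names-exim": "220 mx1.example.org ESMTP Exim 4.92 Sat, 07 Sep 2019 12:13:00 +0200\r\n",
    # What "smtp_banner = $smtp_active_hostname ESMTP $tod_full" would produce.
    "custom-banner": "220 mx2.example.org ESMTP Sat, 07 Sep 2019 12:13:00 +0200\r\n",
    # Multi-line greeting: "220-" continues, "220 " ends the reply.
    "multiline": "220-mx3.example.org ESMTP Exim 4.92.1 Sat, 07 Sep 2019 12:13:00 +0200\r\n"
                 "220 No unsolicited mail\r\n",
    "other-mta": "220 mx4.example.org ESMTP Postfix\r\n",
}

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# Case-insensitive match on "exim", with an optional dotted version after it.
EXIM_TOKEN = re.compile(r"\bExim\b(?:\s+(\d+(?:\.\d+)+))?", re.IGNORECASE)

def greeting_text(raw):
    """Join the text of a (possibly multi-line) 220 reply; None if malformed."""
    parts = []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "220":
            return None
        parts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the final line
            return " ".join(parts)
    return None  # reply was never terminated

def classify(raw):
    """Return (label, version) the way a banner-matching survey would."""
    text = greeting_text(raw)
    if text is None:
        return ("invalid", None)
    m = EXIM_TOKEN.search(text)
    if not m:
        return ("not-identified", None)
    return ("exim", m.group(1))

def survey(greetings):
    """Classify every greeting and count those attributed to Exim."""
    results = {name: classify(raw) for name, raw in greetings.items()}
    counted = sum(1 for label, _ in results.values() if label == "exim")
    return results, counted

if __name__ == "__main__":
    results, counted = survey(SAMPLE_GREETINGS)
    for name, (label, version) in results.items():
        print(f"{name:14} {label:15} version={version}")
    print("counted as Exim:", counted, "of", len(results))
```

Running `classify` against your own server's greeting shows whether the banner still discloses the product name or version.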