From: Simon Waters (Simon@wretched.demon.co.uk)
Date: Mon Jul 29 2002 - 11:35:48 EDT
omegatron@hushmail.com wrote:
>
> While I'm at it... is there a way to restrict this information from outgoing messages when using Exchange? Saw a few messages last week that explained how to mask the Exchange server banner, but not for mail headers and such...
I find running mail through Postfix and the following line in
the badheader file....
/^X-Mailer:.*/ ignore
But that is technically an RFC infringement, as envelope
elements are sacrosanct, but I guess that was more important
when lots of external relays were passing mail around. You need
some extra entries to hide internal mail servers, but it isn't
rocket science.
Of course running mail through Postfix probably wasn't the
solution you were after, and I had to kick Postfix to stop
sending standard Postfix bounce messages, and banners. The
hacking guru's will spot Postfix a mile off from the way it
backs of when it encounters errors in the SMTP protocol, but by
that time it has probably already sent a message to the
administrator about the abuse it is getting or will do shortly.
WatchGuard's SMTP proxy will rip out a lot of this kind of
information leakage for you as well (although you have to check
checkboxes to make it happen), and no doubt other good firewall
products do the same. Of course if you rip out this information
in too distinctive a fashion you give yourself away, witness the
versions of BIND 9 that reply to authors.bind but not
version.bind, when the version string has been redefined.
Simon
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT