smtpd_banner = $myhostname ESMTP $mail_name

On Sunday, January 30, 2005 at 14:54 CET,
What would be the point of that? Anyone with a clue would be able to
identify your MTA as Postfix anyway.

--=20
Magnus B=E4ck
***@dsek.lth.se

Whatever for?
To convince nmap you are not Postfix, you could run Sendmail :-)

Exercise: What software is running on this machine (guilty domain suppressed)?

< 220 ?????????.??.com ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2657.72) ready
< 221 Error: I can break rules, too. Goodbye.

Lol :-)
Ok, it isn't very imporant.
Anyway postfix don't reveal his version.
Thanks to all,
Thomas

Hmm, Postfix?

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig132E9D14D378C9AF41404299
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
True, but wouldn't it be just as simple to say,"Change smtpd_banner =3D=20
$myhostname ESMTP $mail_name to smtpd_banner =3D $myhostname ESMTP"?

If he wants to do something that harms no one, let him.

--=20
Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Website: http://www.paradigm-omega.com/
RSS: http://paradigm-omega.blogspot.com/atom.xml
Spamtraps: http://www.paradigm-omega.net/cgi-bin/custmail.cgi
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
And on the eighth day, we bulldozed it.


--------------enig132E9D14D378C9AF41404299
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Sed quis custodiet ipsos custodes?
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB/Rrko0pgX8xyW4YRA4d9AJ96O/W/c7GnqHLrJzymkzwlqlpFxQCaA+o3
WCOGboqPVytTCB5g/c2N3X4=
=1l+X
-----END PGP SIGNATURE-----

--------------enig132E9D14D378C9AF41404299--

The point is changing the BANNNER is to keep ( automated PORT SCANNERS from
QUICKLY IDing a machine, running a SMTP server, as being postfix of a specific
version. )

Other than that all the person has to do is send an email to the mail server
get a bounce back message, read the headers ofthe bounce, and get the fact if
its qmail postfix or whatever.

But the banner change WILL give you at least SOME 'obscurity' to the automated
PORT scanners out there...

peace,
matt
www.pxmb.com

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1A453365B16778E0048CB37D
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
I'm a bit amused because our local web server's error returns:
Not Found

The requested URL /dufus.html was not found on this server.
Microsoft-IIS/5.0 Server at omega.paradigm-omega.net Port 80

We then sit back and watch some bozo try to exploit a MS server. ;-)

--
Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Website: http://www.paradigm-omega.com/
RSS: http://paradigm-omega.blogspot.com/atom.xml
Spamtraps: http://www.paradigm-omega.net/cgi-bin/custmail.cgi
=====================================================================
Reality TV is an oxymoron.

--------------enig1A453365B16778E0048CB37D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Sed quis custodiet ipsos custodes?
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB/SIAo0pgX8xyW4YRA7oqAJ9zm/ZoZoSgsWPapOtQ75VeDdetjQCeI4/B
ht3ByAYeTPcBypScUgenSnE=
=K4cT
-----END PGP SIGNATURE-----

--------------enig1A453365B16778E0048CB37D--

Postfix as distributed does not announce its version numbers in
banners or in returned mail.

Wietse

Those kiddies who want to exploit a server based on the version string
will normally just throw everything at it in the hope that something
works.
If you have an attacker who is going to actually recon, then the
version/application name hiding isn't going to help.

If you are worried about being exploited, run better software. One of
the reasons I run Postfix :).
Which really doesn't help :)

Devdas Bhagat

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA557D5B60F1E4728F98ACDEA
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
I suspect the OP is using the package from his OS. IIRC, the Mandrake
RPM even advertises the OS/version.

--
Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Website: http://www.paradigm-omega.com/
RSS: http://paradigm-omega.blogspot.com/atom.xml
Spamtraps: http://www.paradigm-omega.net/cgi-bin/custmail.cgi
=====================================================================
A 'full' life in my experience is usually full only of other people's
demands.

--------------enigA557D5B60F1E4728F98ACDEA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Sed quis custodiet ipsos custodes?
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB/SYXo0pgX8xyW4YRA0JsAJ9d3zAm2YjZ9gO7DEyaDNdcYY3ZCwCgioRz
L8DEzoIFOmual0dQNh3Txvo=
=8RJQ
-----END PGP SIGNATURE-----

--------------enigA557D5B60F1E4728F98ACDEA--

Nope!

But I change my banner anyway.. any little bit helps..

-matt

On Sunday, January 30, 2005 at 18:35 CET,
Ralf had already tipped the OP about smtpd_banner, so I thought I could
just rant a little bit.

--=20
Magnus B=E4ck
***@dsek.lth.se

FSF remember that. FREE to do as you please.

;)

-matt
www.pxmb.com

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig344092E5A70AC5AB977928ED
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Ralf's message actually arrived here after yours. Probably routed via=20
Mars. (I resisted the temptation to use a different planetary=20
reference.) Anyway, in light of that, rants asre okay. ;-)


--=20
Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Website: http://www.paradigm-omega.com/
RSS: http://paradigm-omega.blogspot.com/atom.xml
Spamtraps: http://www.paradigm-omega.net/cgi-bin/custmail.cgi
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
The difference between Bush's and Kerry's web sites?
Kerry's web site didn't sell my email address to others.


--------------enig344092E5A70AC5AB977928ED
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Sed quis custodiet ipsos custodes?
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB/Vyyo0pgX8xyW4YRAzs4AKC0h+1BEU0Fey8Y3S2cW5ljMqM9QgCfXM9u
JF+uPoQhlW2PIBMdQOZ3ggk=
=p5kp
-----END PGP SIGNATURE-----

--------------enig344092E5A70AC5AB977928ED--

Yes. The rationale of the admins who have configured Postfix to look
like Microsoft Exchange is unknown to me...

This helps the postmaster of a remote site to diagnose delivery
problems. It still does, look at the aol.com banner. There *may*
also be some minor legal benefit to a no-tresspass sign. I have:

smtpd_banner = $myhostname ESMTP $mail_name. NO UCE

(yes it should be NO UBE, but I am too lazy to change it, lets not
go there).