Sendmail

Kevin Spicer kevins at BMRB.CO.UK
Fri Sep 19 08:27:01 IST 2003


On Thu, 2003-09-18 at 23:57, Res wrote:

On Thu, 18 Sep 2003, Raymond Dijkxhoorn wrote:

> Hi!
>
> > > Redhat for example backported the fixes, they always do...
>
> > Shouldn't they still change the version number in some way (eg 8.12.8 ->
> > 8.12.8a or 8.12.8-1) so that sysadmins know whether they've got the new one
> > or the old one on a given machine?
>
> This implies a security risk, with version scanners. Admins on the box
> can do a rpm -q sendmail ...

For those that don't already know, you need this line in your
sendmail.mc to hide the version number...

define(`confSMTP_LOGIN_MSG', `$j')dnl

This just leaves the banner as..

220 server.yourdomain.com ESMTP

Which is the minimum (you can remove the hostname by getting rid of the
$j, but it was mentioned in a previous discussion that this breaks an
RFC).






BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
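
A check for the banner form described in the message above, as an added example that is not part of the original post: it audits an SMTP 220 greeting for MTA name or version disclosure and for the hostname the post says should stay. The function name, the regex heuristics and the sample greetings are assumptions constructed for illustration.

```python
import re

# Constructed sample greetings (illustrative, not captured from a real server).
SAMPLES = {
    "default": "220 mail.example.com ESMTP Sendmail 8.12.8/8.12.8; "
               "Fri, 19 Sep 2003 08:27:01 +0100",
    "hidden": "220 server.yourdomain.com ESMTP",   # form shown in the post
    "no_host": "220 ESMTP",                         # $j removed
    "multiline": "220-mail.example.com ESMTP\r\n220 Sendmail 8.12.8 ready",
}

# Assumed heuristics: dotted numbers look like versions; a short MTA name list.
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*[a-z]?\b")
MTA_RE = re.compile(r"\b(sendmail|postfix|exim|qmail)\b", re.IGNORECASE)
# Dotted hostname or bracketed address literal as the first greeting token.
HOST_RE = re.compile(r"^(?:\[[^\]]+\]|[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})+)$")


def audit_banner(greeting):
    """Return findings for an SMTP 220 greeting; an empty list means minimal."""
    lines = [ln for ln in greeting.splitlines() if ln]
    if not lines or not all(re.match(r"220[ -]", ln) for ln in lines):
        return ["not a 220 greeting"]
    findings = []
    # Join the text of every greeting line so multi-line banners are covered.
    tokens = " ".join(ln[4:] for ln in lines).split()
    if tokens and HOST_RE.match(tokens[0]):
        rest = " ".join(tokens[1:])      # do not scan the hostname itself
    else:
        findings.append("hostname missing after 220")
        rest = " ".join(tokens)
    mta = MTA_RE.search(rest)
    if mta:
        findings.append("MTA name disclosed: " + mta.group(0))
    ver = VERSION_RE.search(rest)
    if ver:
        findings.append("version disclosed: " + ver.group(0))
    return findings


if __name__ == "__main__":
    for name, banner in SAMPLES.items():
        print(name, "->", audit_banner(banner) or "minimal")
```
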


