On Fri, 4 Jan 2002, Henrik Steffen wrote:
>
> Hello,
>
> I am s0enke's boss - hi all!
> XMail is set up well and running stable - thanks for all your help!
>
> One question from me:
>
> Is there a way to run XMail in a "silent mode" ?
>
> e.g. when I connect to port 25 or 110, I can read:
> XMail 1.3 (Linux/Ix86) POP3 Server.
>
> In my opinion this is too much information for possible hackerz.
> Is there a directive to tell XMail to suppress this information?
> Like just saying: "+OK ready" or something on connecting?
One part of the informations are essential for authentication and it's the
part inside <>.
This is an old topic about how much more secure is a server w/out these
informations.
The difference is exactly 0.0 !
Why ?
Because real hackers :
1) can guess the MTA based on the command implemented and response types
2) can guess the OS by sending particular TCP packets and looking at the
remote TCP server response. If you've an HTTP server running
thay can easily get the OS info from there
Anyway if you'd like to do it you,ve simply to change some source file (
easy fixes ) and rebuild it.
You can create a diff to apply to future versions.
I won't add it inside the mainstream source code because i do not believe
it helps.
- Davide
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
