On 9/7/19 12:13 PM, Cyborg via Exim-users wrote:
Hi,several press publications about the exim exploit give different exim installation numbers. The Hacker News: "...which runs almost 60% of the internet's email servers today..." "...leaving at least over half a million email servers vulnerable to remote hackers..." Heise Security: "Shodan names over 5 million server <https://www.shodan.io/report/vRKzLpdS>; 175.000 in Germany alone" Wikipedia: "In August 2019 a study performed by E-Soft, Inc.,^[3] <https://en.wikipedia.org/wiki/Exim#cite_note-3> approximately 57% of the publicly reachable mail-servers on the Internet ran Exim. " The question is, what is the reality?
The method how they count is inspecting the answer
on the smtp connect.
If the answer matches "exim" they add one.
I'm using exim but I have configured
smtp_banner = $smtp_active_hostname ESMTP $tod_full
I have even further tweaked the received lines to suppress
the default of
[...] (Exim ${version_number} #${compile_number}) [...]
with the "received_header_text" option
So I'm hiding it, and my Exim don't get counted.
But will also never expose a probably vulnerable MTA version to outsiders.
Olaf
--
Karlsruher Institut für Technologie (KIT)
ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik
Dipl.-Geophys. Olaf Hopp
- Leitung IT-Dienste -
Am Fasanengarten 5, Gebäude 50.34, Raum 009
76131 Karlsruhe
Telefon: +49 721 608-43973
Fax: +49 721 608-46699
E-Mail: [email protected]
www.atis.informatik.kit.edu
www.kit.edu
KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft
Das KIT ist seit 2010 als familiengerechte Hochschule zertifiziert.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
