Eh cool Davide, don't be angry, it's just a question : I only think Xmail
displays more informations than necessary
-----Message d'origine-----
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]De la
part de Davide Libenzi
Envoy� : mardi 22 mai 2001 17:33
� : Nguyen, NgocCan
Cc : [EMAIL PROTECTED]
Objet : RE: security
On 22-May-2001 Nguyen, NgocCan wrote:
>
> Davide,
>
> when I type "telnet smtp.xmailserver.org 25, i have naturally this message
:
>
> 220 <[EMAIL PROTECTED]> [XMail 0.71 (Linux/Ix86) ESMTP
> Server] service ready; Tue, 22 May 2001 09:08:05 -0700
>
> It's good, but I think it's not a security to display "[XMail 0.71
> (Linux/Ix86)", is there some options which allow to hide this message ??
This is an old stupid issue.
Maybe a guy that claimed himself to be a security expert and seeing that his
security rules was no longer than a couple of lines, decided to add to a
security document.
case 1) An XMail version HAS buffer overflow vulnerability and an exploit is
available to hackers
Hacker tools tries EVERY know exploit to each available port 25.
So hiding the [XMail 0.71 (Linux/Ix86) ESMTP Server] does not solve
Your problem.
case 2) An XMail version DOESN'T have a buffer overflow vulnerability
You've no problem at all.
- Davide
