Mailinglist Archive: opensuse (3637 mails)

[SECURITY] Default postfix reveals software name and version
  • From: wilson@xxxxxxxxxxx (Jonathan Wilson)
  • Date: Thu, 31 May 2001 18:25:22 -0500

I know this is a very minor thing, but I was just setting up a mail server and noticed that, by default, SuSE's postfix is set to show OS/software info. Most security professionals recommend that all such banners be disabled, since banners can sometimes be quite helpful to crackers.

The offending lines in /etc/postfix/ are:

mail_name = Postfix on SuSE Linux 7.1 (i386)
smtpd_banner = $myhostname ESMTP $mail_name

Running netcat quickly reveals this info:

jw@testbox:~ > netcat 25

220 ESMTP Postfix on SuSE Linux 7.1 (i386)

I suggest commenting out mail_name and setting smtpd_banner to either nothing or $myhostname, or some other such harmless thing. Consider carefully what really belongs there.

P.S. Is "ESMTP" actually needed for anything? I don't know that much about mail protocols.

Jonathan Wilson
System Administrator

Cedar Creek Software
Central Texas IT
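
A configuration check for the banner settings discussed in the message above, as an added example that is not part of the original post or of Postfix: it expands smtpd_banner from the configured values and lists the software, OS and version tokens the greeting would reveal. The myhostname value mail.example.com, the token list and the function names are assumptions made for illustration; the defaults are those documented in postconf(5).

```python
import re

# Defaults documented in postconf(5); used when a setting is absent or commented out.
DEFAULTS = {"mail_name": "Postfix", "smtpd_banner": "$myhostname ESMTP $mail_name"}
# Constructed sample: the quoted settings plus a hypothetical myhostname.
SAMPLE_CONFIG = """\
myhostname = mail.example.com
mail_name = Postfix on SuSE Linux 7.1 (i386)
smtpd_banner = $myhostname ESMTP $mail_name
"""
# Assumed token list: software, OS and architecture names, dotted version numbers.
DISCLOSURE = re.compile(
    r"\b(?:postfix|suse|linux|bsd|unix|i[3-6]86|x86_64)\b|\b\d+(?:\.\d+)+\b", re.I)
VARIABLE = re.compile(r"\$(?:\{(\w+)\}|(\w+))")

def parse_settings(text):
    """Read 'name = value' lines, skipping comments and joining continuations."""
    settings, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:  # continuation of the previous value
            settings[last] += " " + line.strip()
        elif "=" in line:
            last, _, value = (p.strip() for p in line.partition("="))
            settings[last] = value
    return settings

def expand(value, settings, depth=0):
    """Expand $name and ${name} references, with a depth limit against loops."""
    if depth > 10:
        return value
    lookup = lambda m: expand(settings.get(m.group(1) or m.group(2), ""), settings, depth + 1)
    return VARIABLE.sub(lookup, value)

def audit_banner(text):
    """Return (expanded banner, findings) for the configuration in text."""
    settings = {**DEFAULTS, **parse_settings(text)}
    raw = settings["smtpd_banner"]
    banner = expand(raw, settings)
    findings = []
    # postconf(5) requires $myhostname at the start of the banner text.
    if not raw.startswith(("$myhostname", "${myhostname}")):
        findings.append("banner does not start with $myhostname")
    # Scan everything except the hostname, which the greeting has to carry.
    rest = expand(raw, {**settings, "myhostname": ""})
    findings += ["discloses: " + m.group(0) for m in DISCLOSURE.finditer(rest)]
    return banner, findings

print(audit_banner(SAMPLE_CONFIG))
```

With mail_name commented out and smtpd_banner left unset, the defaults still yield a banner ending in "Postfix"; setting smtpd_banner = $myhostname ESMTP produces no findings.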
