On Tue, Oct 08, 2002 at 09:10:50AM +0200, Reckhard, Tobias wrote:
That's security by obscurity and not useful
Oh, obscurity does have its place in security. You mustn't rely on it in any way, but you can well use it to make it somewhat harder for an attacker. After all, there's no point in making it easier for them. Consider it one building block in the tower of security. A rather small one.
Hiding the identity of your MTA is somewhat hard. You can change sendmail to not announce itself in the Received header, alright. You can also change SmtpGreetingMessage, otherwise it'll still be recognizable by its SMTP banner.

But that's not where the story ends. There are many telltale signs by which you can identify MTAs. Sendmail for instance will always reply "Hello ..., pleased to meet you" in response to EHLO/HELO while Postfix replies "hostname ESMTP ....". The set of ESMTP extensions supported also differs between MTAs and even different versions of the same MTA. The general syntax of the Received header also differs between MTAs, as does the SMTP id included. Sometimes it may even be possible to identify different versions - it seems sendmail changed the SMTP id format from "[A-Z]AA[0-9]*" in 8.9 to something like "g[0-9A-F]*" in 8.11.

In short, you will be able to fool dumb scanners but not the eye of a human.

Olaf
--
Olaf Kirch     | Anyone who has had to work with X.509 has probably
okir@suse.de   | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
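As an added example (not part of the original post): a small audit of what your own server still reveals after the banner has been changed, using the two sendmail signs the post names. The function names, hostnames and sample session are constructed for illustration; the SMTP id patterns are copied from the post as written.

```python
import re

# SMTP id formats as quoted in the post ("something like" for 8.11).
SMTP_ID_FORMATS = [
    ("sendmail 8.9-style id", re.compile(r"[A-Z]AA[0-9]*")),
    ("sendmail 8.11-style id", re.compile(r"g[0-9A-F]*")),
]
EHLO_SENDMAIL = re.compile(r"^250[- ]\S+ Hello .*, pleased to meet you\s*$")
RECEIVED_ID = re.compile(r"\bid\s+([^\s;]+)")

def ehlo_signs(reply_lines):
    """Return signs found in the server's reply to EHLO/HELO."""
    return ["sendmail EHLO reply wording"
            for line in reply_lines if EHLO_SENDMAIL.match(line)]

def received_signs(header):
    """Return signs found in the SMTP id of one Received header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header folding
    m = RECEIVED_ID.search(unfolded)
    if not m:
        return []
    return [label for label, pat in SMTP_ID_FORMATS if pat.fullmatch(m.group(1))]

def audit(banner, ehlo_reply, received):
    """Report what still identifies the MTA after the banner was changed."""
    signs = []
    if re.search(r"sendmail", banner, re.I):
        signs.append("banner names sendmail")
    signs += ehlo_signs(ehlo_reply)
    signs += received_signs(received)
    return signs

# Constructed sample: banner and Received header carry no product name.
SAMPLE_BANNER = "220 mail.example.org ESMTP ready"
SAMPLE_EHLO = [
    "250-mail.example.org Hello client.example.net [192.0.2.10], pleased to meet you",
    "250-8BITMIME",
    "250 HELP",
]
SAMPLE_RECEIVED = (
    "Received: from client.example.net ([192.0.2.10])\n"
    "\tby mail.example.org with ESMTP id g98B1A2F03;\n"
    "\tTue, 8 Oct 2002 09:10:50 +0200"
)

if __name__ == "__main__":
    for sign in audit(SAMPLE_BANNER, SAMPLE_EHLO, SAMPLE_RECEIVED):
        print("still visible:", sign)
```

An empty result from `audit` only means these particular signs are absent; the ESMTP extension set and Received header syntax mentioned in the post are not checked here.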