by Christian Hammer » Mon, 16 Apr 2001 00:34:27
Does someone know how to hide sendmail's version number?
I got rid of the greeting and the help already but it still says
Sendmail 8.11.3 -- HELP not implemented
and will probably show it in the headers, too.
It's not that I wouldn't know that security by obscurity does not work
but it gives me hopefully some time to fix the next root exploit :-)
thanks,
-christian-
by Suresh Ramasubramani » Mon, 16 Apr 2001 00:40:16
Security by obscurity? Anyway define confSMTP_LOGIN_MSG to whatever you want.Quote:> Does someone know how to hide sendmail's version number?
What root exploit? Nothing's come up in sendmail for quite some time (the lastQuote:> It's not that I wouldn't know that security by obscurity does not work
> but it gives me hopefully some time to fix the next root exploit :-)
-s
--
Suresh Ramasubramanian + Wallopus Malletus Indigenensis
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
by Jem Berke » Mon, 16 Apr 2001 03:20:32
Still... for me, anyway, it's the most complex daemon running as root.Quote:> > It's not that I wouldn't know that security by obscurity does not work
> > but it gives me hopefully some time to fix the next root exploit :-)
> What root exploit? Nothing's come up in sendmail for quite some time (the last
> one was a linux kernel bug with 8.9.3)
I played around with making it run non-root but there were problems
(sending mail locally, and sending to root)
--
http://www.pc-tools.net/
DOS, Win32, Linux software
by Lord Apollyo » Thu, 19 Apr 2001 11:47:46
> Does someone know how to hide sendmail's version number?
Of course, obscuring the version numbers is not even a pretense at a
complete security solution, but one minor tool.
Look for the help() function in srvrsmtp.c
=Rob=
--
The reply-to-address is *REAL* and will expire on 0:01 1-June-2001.
HTML emails will be bounced UNREAD. You've been warned.
Please review http://www2.paypc.com/blacklists/ before emailing.
Somebody set us up the mailbomb! All your servers are belong to us!
You are on the way to termination. You have no chance to login make your time!
1. how do I hide the version number?
I could change the SmtpGreetingMessage and I commented out the helpfile
in the sendmail.cf, but if I telnet mail.domain.com 25 and type help, I
still see the version there.
Is there any way to fix this?
2. Checking in stuff in Intralink
3. posting single message to number of people, but hiding details.
4. help needed: SMS audit16 with long user names (Netware)
5. "Hide Me" Plugin for all Mac versions
6. 'sent' icon(envelope) has a horz. line thru it
9. hide version of sendmail in header
12. Completely hide sendmail version in telnet>25 session