[Techtalk] sendmail question
Kai MacTane
kmactane at GothPunk.com
Wed Sep 10 15:09:29 EST 2003
At 9/10/03 07:15 AM , Lena M wrote:
>I'm working on securing my sendmail. I configured it so it doesn't show a
>banner containing its version number. I also disabled the "help" feature.
>In addition, I would like to get rid of the extra info that shows up after
>the 'ehlo blah-blah' command (see below).
If you do this, you'll be violating RFC2822 (see
http://www.faqs.org/rfcs/rfc2821.html). In particular, the following bits:

   3.2 Client Initiation

   Once the server has sent the welcoming message and the client has
   received it, the client normally sends the EHLO command to the
   server, indicating the client's identity. In addition to opening the
   session, use of EHLO indicates that the client is able to process
   service extensions **and requests that the server provide a list of the
   extensions it supports.** [emphasis added]

and this part:

   4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)

   ...A client SMTP SHOULD start an SMTP session by issuing the EHLO
   command. If the SMTP server supports the SMTP service extensions it
   will give a successful response, a failure response, or an error
   response. If the SMTP server, in violation of this specification,
   does not support any SMTP service extensions it will generate an
   error response....

   Normally, the response to EHLO will be a multiline reply. Each line
   of the response contains a keyword and, optionally, one or more
   parameters.

Basically, the EHLO command is *supposed* to ask your server "what commands
do you support?" The server has to respond to that.
Also, disabling the HELP command is a little iffy, as the RFC states, "SMTP
servers SHOULD support HELP without arguments and MAY support it with
arguments." But it's not technically violating the RFC to drop HELP.
--Kai MacTane
----------------------------------------------------------------------
"Deadly angels for reality and passion..."
--Shriekback, "Gunning for the Buddha"
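
Added example (not part of the original message): a strict parser for the multiline EHLO reply described in the RFC text quoted above, splitting each line after the greeting into a keyword and its optional parameters so you can review what your server advertises. The sample reply, the host names in it, and the names parse_ehlo_reply and SAMPLE are constructed for this example.

```python
import re

# One reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
LINE_RE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed sample reply, as it would arrive on the wire (CRLF line endings).
SAMPLE = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE 10485760\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250 HELP\r\n"
)

def parse_ehlo_reply(raw):
    """Return (code, greeting, {KEYWORD: [params]}) for a raw EHLO reply.

    Raises ValueError if the reply is empty, malformed or truncated.
    """
    lines = [line for line in raw.split("\r\n") if line]
    if not lines:
        raise ValueError("empty reply")
    code, greeting, extensions = None, None, {}
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        this_code, sep, text = m.groups()
        if code is None:
            code = this_code
        elif this_code != code:
            raise ValueError("reply code changes inside one reply")
        is_last = i == len(lines) - 1
        if (sep == " ") != is_last:
            raise ValueError("'-'/' ' marker does not match line position")
        if i == 0:
            greeting = text  # first line is the greeting, not an extension
        elif code == "250":
            parts = text.split()
            if not parts:
                raise ValueError("extension line without a keyword")
            extensions[parts[0].upper()] = parts[1:]
    return int(code), greeting, extensions

if __name__ == "__main__":
    for keyword, params in parse_ehlo_reply(SAMPLE)[2].items():
        print(keyword, params)
```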