[Techtalk] sendmail question
Lena M
lena_m1 at hotmail.com
Thu Sep 11 05:27:51 EST 2003
Kai, Thank you.
I noticed that some mail servers don't show any info after ehlo command.
I figured the less info sendmail shares about its setup, the harder it would
be for someone to compromise it.
Also, HELP reveals sendmail's version number, and a lot of security experts
recommend disabling it.
Lena
----- Original Message -----
From: "Kai MacTane" <kmactane at GothPunk.com>
To: "Techtalk" <techtalk at linuxchix.org>
Sent: Wednesday, September 10, 2003 3:09 PM
Subject: Re: [Techtalk] sendmail question
> At 9/10/03 07:15 AM , Lena M wrote:
>
> >I'm working on securing my sendmail. I configured so it doesn't show a
> >banner containing its version number. I also disabled "help" feature.
> >In addition, I would like to get rid of the extra info that shows up after
> >'ehlo blah-blah' command (see below)
>
> If you do this, you'll be violating RFC2822 (see
> http://www.faqs.org/rfcs/rfc2821.html). In particular, the following bits:
>
> 3.2 Client Initiation
> Once the server has sent the welcoming message and the client has
> received it, the client normally sends the EHLO command to the
> server, indicating the client's identity. In addition to opening the
> session, use of EHLO indicates that the client is able to process
> service extensions **and requests that the server provide a list of the
> extensions it supports.** [emphasis added]
>
> and this part:
>
> 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)
> ...A client SMTP SHOULD start an SMTP session by issuing the EHLO
> command. If the SMTP server supports the SMTP service extensions it
> will give a successful response, a failure response, or an error
> response. If the SMTP server, in violation of this specification,
> does not support any SMTP service extensions it will generate an
> error response....
>
> Normally, the response to EHLO will be a multiline reply. Each line
> of the response contains a keyword and, optionally, one or more
> parameters.
>
> Basically, the EHLO command is *supposed* to ask your server "what commands
> do you support?" The server has to respond to that.
>
> Also, disabling the HELP command is a little iffy, as the RFC states, "SMTP
> servers SHOULD support HELP without arguments and MAY support it with
> arguments." But it's not technically violating the RFC to drop HELP.
>
> --Kai MacTane
> ----------------------------------------------------------------------
> "Deadly angels for reality and passion..."
> --Shriekback,
> "Gunning for the
> Buddha"
>
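An added example, not part of the original thread: a Python sketch that parses the multiline SMTP replies discussed above, lists the keywords an EHLO response advertises, and flags version-like tokens in the banner and HELP text. The function names and all sample replies are constructed for illustration, and the version pattern is a heuristic assumption.

```python
import re

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# Enhanced status code (e.g. "2.0.0") that prefixes reply text; not a version.
ENHANCED_CODE = re.compile(r"^[245]\.\d{1,3}\.\d{1,3}\s+")
# Two- or three-part dotted number not embedded in a longer run (skips IPv4).
VERSION = re.compile(r"(?<![\d.])\d+\.\d+(?:\.\d+)?(?![\d.])")

def parse_reply(raw):
    """Return (code, [text of each line]) for one SMTP reply, multiline or not."""
    code, texts = None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m or (code and m.group(1) != code):
            raise ValueError("malformed reply line: %r" % line)
        code = m.group(1)
        texts.append(ENHANCED_CODE.sub("", m.group(3)))
        if m.group(2) == " ":  # "250 " (space) marks the final line
            break
    return code, texts

def ehlo_keywords(raw):
    """Map each advertised extension keyword to its parameters."""
    code, texts = parse_reply(raw)
    if code != "250":
        return {}
    # The first line is the server's domain and greeting, not a keyword.
    return {t.split()[0].upper(): t.split()[1:] for t in texts[1:] if t.strip()}

def version_leaks(banner, help_reply):
    """List (source, version-like token) pairs found in banner and HELP text."""
    found = set()
    for source, raw in (("banner", banner), ("help", help_reply)):
        for text in parse_reply(raw)[1]:
            found.update((source, v) for v in VERSION.findall(text))
    return sorted(found)

# Constructed sample replies (not captured from a real server).
BANNER = "220 mail.example.org ESMTP Sendmail 8.12.9/8.12.9; Thu, 11 Sep 2003 05:27:51 -0500"
EHLO = ("250-mail.example.org Hello client.example.net [192.0.2.10], pleased to meet you\r\n"
        "250-ENHANCEDSTATUSCODES\r\n250-8BITMIME\r\n250-SIZE 10485760\r\n250 HELP")
HELP = "214-2.0.0 This is sendmail version 8.12.9\r\n214 2.0.0 End of HELP info"
QUIET_BANNER = "220 mail.example.org ESMTP"
QUIET_HELP = "502 5.5.1 HELP not implemented"

if __name__ == "__main__":
    print(version_leaks(BANNER, HELP))
    print(version_leaks(QUIET_BANNER, QUIET_HELP))
    print(ehlo_keywords(EHLO))
```

The EHLO keyword list names capabilities only, while the version string in these samples appears in the banner and HELP text, which is where the check looks.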