[Techtalk] sendmail question

Lena M lena_m1 at hotmail.com
Thu Sep 11 05:27:51 EST 2003


Kai, Thank you.
I noticed that some mail servers don't show any info after the ehlo command.
I figured the less info sendmail shares about its setup, the harder it would
be for someone to compromise it.
Also, HELP reveals sendmail's version number, and a lot of security experts
recommend disabling it.

Lena

----- Original Message ----- 
From: "Kai MacTane" <kmactane at GothPunk.com>
To: "Techtalk" <techtalk at linuxchix.org>
Sent: Wednesday, September 10, 2003 3:09 PM
Subject: Re: [Techtalk] sendmail question


> At 9/10/03 07:15 AM , Lena M wrote:
>
> >I'm working on securing my sendmail. I configured it so it doesn't show a
> >banner containing its version number. I also disabled the "help" feature.
> >In addition, I would like to get rid of the extra info that shows up after
> >'ehlo blah-blah' command (see below)
>
> If you do this, you'll be violating RFC2822 (see
> http://www.faqs.org/rfcs/rfc2821.html). In particular, the following bits:
>
> 3.2 Client Initiation
>     Once the server has sent the welcoming message and the client has
>     received it, the client normally sends the EHLO command to the
>     server, indicating the client's identity.  In addition to opening the
>     session, use of EHLO indicates that the client is able to process
>     service extensions **and requests that the server provide a list of
>     the extensions it supports.** [emphasis added]
>
> and this part:
>
> 4.1.1.1  Extended HELLO (EHLO) or HELLO (HELO)
>     ...A client SMTP SHOULD start an SMTP session by issuing the EHLO
>     command.  If the SMTP server supports the SMTP service extensions it
>     will give a successful response, a failure response, or an error
>     response.  If the SMTP server, in violation of this specification,
>     does not support any SMTP service extensions it will generate an
>     error response....
>
>     Normally, the response to EHLO will be a multiline reply.  Each line
>     of the response contains a keyword and, optionally, one or more
>     parameters.
>
> Basically, the EHLO command is *supposed* to ask your server "what
> commands do you support?" The server has to respond to that.
>
> Also, disabling the HELP command is a little iffy, as the RFC states,
> "SMTP servers SHOULD support HELP without arguments and MAY support it
> with arguments." But it's not technically violating the RFC to drop HELP.
>
>                                                  --Kai MacTane
> ----------------------------------------------------------------------
> "Deadly angels for reality and passion..."
>                                                  --Shriekback,
>                                                   "Gunning for the
>                                                    Buddha"
>
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
>
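
Added example (not part of the original thread, and not sendmail's own code): a Python check that parses a greeting and an EHLO reply in the multiline format quoted above, lists the advertised extension keywords, and reports version-like tokens left in the banner. The sample replies, host names and function names are constructed for illustration.

```python
import re

# Constructed sample replies; all values are made up for the demo.
SAMPLE_GREETING = "220 mail.example.org ESMTP Sendmail 8.12.9/8.12.9; Thu, 11 Sep 2003 05:27:51 -0500\r\n"
SAMPLE_EHLO = (
    "250-mail.example.org Hello client.example.net, pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE 10485760\r\n"
    "250 HELP\r\n"
)
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")   # code, continuation marker, text
VERSION_TOKEN = re.compile(r"\d+(?:\.\d+)+")      # dotted numbers such as 8.12.9

def parse_reply(raw):
    """Return (code, [text lines]) for one reply; '-' after the code means more lines follow."""
    lines = raw.splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes inside a multiline reply")
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("only the last line may use a space after the code")
        code = m.group(1)
        texts.append(m.group(3))
    return int(code), texts

def ehlo_extensions(raw):
    """Map each advertised EHLO keyword to its parameters (first line is the greeting)."""
    code, texts = parse_reply(raw)
    if code != 250:
        raise ValueError(f"EHLO not accepted: {code}")
    extensions = {}
    for text in texts[1:]:
        keyword, *params = text.split()
        extensions[keyword.upper()] = params
    return extensions

def version_tokens(greeting_raw):
    """Version-like tokens in the 220 banner, which a hardened banner should not contain."""
    _, texts = parse_reply(greeting_raw)
    return VERSION_TOKEN.findall(" ".join(texts))

if __name__ == "__main__":
    print("banner version tokens:", version_tokens(SAMPLE_GREETING))
    print("EHLO extensions:", ehlo_extensions(SAMPLE_EHLO))
```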

