From owner-freebsd-security Fri Aug 14 09:46:31 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA24136 for freebsd-security-outgoing; Fri, 14 Aug 1998 09:46:31 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.netcorps.com (ns1.netcorps.com [207.1.125.101]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA24116 for ; Fri, 14 Aug 1998 09:46:24 -0700 (PDT) (envelope-from satya@longshadows.com) Received: from localhost (satya@localhost) by ns1.netcorps.com (8.9.0/8.9.0) with SMTP id JAA22517; Fri, 14 Aug 1998 09:40:32 -0700 (PDT) X-Authentication-Warning: ns1.netcorps.com: satya owned process doing -bs Date: Fri, 14 Aug 1998 09:40:32 -0700 (PDT) From: Satya Palani X-Sender: satya@ns1.netcorps.com Reply-To: Satya Palani To: Garrett Wollman cc: security@FreeBSD.ORG Subject: Re: Sendmail greeting In-Reply-To: <199808140111.VAA02156@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 13 Aug 1998, Garrett Wollman wrote: > I just updated my desktop machine after nine months of stasis, and one > of the first things I did when migrating my .mc file over was to add > the following: > > define(`confSMTP_LOGIN_MSG', `$j server ready at $b')dnl > > This gives a greeting like: > > 220 khavrinen.lcs.mit.edu ESMTP server ready at Thu, 13 Aug 1998 21:10:03 -0400 (EDT) > > ...which doesn't leak any version information at all. Of course, the version number is still being broadcast through the headers. Take this message, for example: Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id VAA02156; Thu, 13 Aug 1998 21:11:31 -0400 (EDT) (envelope-from wollman) Whether you consider this a leak or not is up to you... -Satya To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message