HPE Community
Operating System - HP-UX
1833451 Members
2969 Online
110052 Solutions
New Discussion

hiding sendmail version

 
SOLVED
Go to solution
Fred Martin_1
Valued Contributor

‎12-27-2002 07:30 AM

‎12-27-2002 07:30 AM

hiding sendmail version

I believe there is a way to hide the sendmail version from outgoing mail, but I can't locate any information. I'm running HP-UX 11.0 with sendmail 8.9.3 (PHNE_24419). Does anyone know how I can change the version info to a given string of characters, or maybe just turn it off?
fmartin@applicatorssales.com
0 Kudos
Reply
5 REPLIES 5
Robert-Jan Goossens
Honored Contributor

‎12-27-2002 07:40 AM

‎12-27-2002 07:40 AM

Solution

Re: hiding sendmail version

Take a look at this one,

http://info.nixhosting.net/sendmail/

search inside the page for hiding.

Hope it helps,

Robert-Jan.
Reply
Fred Martin_1
Valued Contributor

‎12-27-2002 07:47 AM

‎12-27-2002 07:47 AM

Re: hiding sendmail version

In the meantime I found this in the cf file:

DZ8.9.3

and changed it to:

DZtest

Now this is displayed:

.... (8.9.3(PHNE_24419)/test) ...

So that's not entirely it.

I'll look at that info, thanks.
Fred
fmartin@applicatorssales.com
0 Kudos
Reply
Fred Martin_1
Valued Contributor

‎12-27-2002 08:00 AM

‎12-27-2002 08:00 AM

Re: hiding sendmail version

FYI also found this in the cf:

O SmtpGreetingMessage=$j Sendmail $v/$Z; $b

But I don't see the word "Sendmail" in any outgoing headers so I haven't solved it yet.

The article has some interesting information thanks.
Fred
fmartin@applicatorssales.com
0 Kudos
Reply
Fred Martin_1
Valued Contributor

‎12-27-2002 09:44 AM

‎12-27-2002 09:44 AM

Re: hiding sendmail version

I think I found what I was looking for - in the sendmail.cf file, at least for my version of sendmail....

These are the lines in the cf file that display version information....

In the smtp login dialog:

O SmtpGreetingMessage=$j Sendmail $v/$Z; $b

In the headers of emails:

HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.by $j ($v/$Z)$?r with $r$. id $i$?u
for $u; $|;
$.$b

...so it looks like the values $v and $Z control what is displayed.

$Z is set with the line:

DZ8.9.3

I'm not sure where $v is set - if anyone knows where to change this value, let me know.

I suppose I could change the 'O Smtp' and 'HReceived:' lines but I'm not sure that's the correct way to do it.
fmartin@applicatorssales.com
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎12-27-2002 11:03 AM

‎12-27-2002 11:03 AM

Re: hiding sendmail version

Hi Fred,

Others have you on track for your primary question, but another thing you should do to harden SendMail is to disable verification & username expansion.
Two ways to do this in the sendmail.cf file:
A) O PrivacyOptions=goaway #easiest
B) O PrivacyOptions=noexpn,novrfy #most granular

If these are enabled - and they are by default - hackers can verify account names on the system.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.