From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Wed Mar 09 2005 - 05:03:33 EST
Joachim Schipper wrote:
> See postconf(5), under smtpd_banner. (I'm pretty sure Nessus just
grabs
> the banner; however, some more advanced fingerprinting is possible, if
> someone is very knowledgeable.)
Actually that won't fool it probably. That NASL script does much more
than grabbing the banner, it actually sends some commands and reads
the answers in order to determine the software used:
http://cvsweb.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/smtpscan.nasl?content-type=text/plain
Trying to fool this probably implies making some changes in the source
code to behave differently. I don't believe it's worth it, best invest
the time in making sure that a compromise through postfix is not
possible (proper privilege separation, current version and bugfixes, etc)
Regards
Javier
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT