Re: Avoiding Postfix Fingerprinting

From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Wed Mar 09 2005 - 05:03:33 EST


Joachim Schipper wrote:

> See postconf(5), under smtpd_banner. (I'm pretty sure Nessus just grabs
> the banner; however, some more advanced fingerprinting is possible, if
> someone is very knowledgeable.)

Actually, that probably won't fool it. That NASL script does much more
than grab the banner: it actually sends some commands and reads
the answers in order to determine the software used:
http://cvsweb.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/smtpscan.nasl?content-type=text/plain

Trying to fool this probably implies making some changes in the source
code to make it behave differently. I don't believe it's worth it; best invest
the time in making sure that a compromise through postfix is not
possible (proper privilege separation, current version and bugfixes, etc.).

Regards

Javier
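
An added illustration (not part of the original message, and not the logic of smtpscan.nasl) of why rewriting smtpd_banner alone does not hide the software: a matcher that ignores the banner and compares reply codes to a set of probe commands. The MTA names, probe commands and reply codes are constructed for the example and are not measured from Postfix or any real server.

```python
# Constructed reply-code profiles for two hypothetical MTAs ("mta-a", "mta-b").
# Illustrative values only; not measured from Postfix or any real server.
PROFILES = {
    "mta-a": {"HELO": "501", "MAIL FROM:<>": "503", "RSET": "250", "XYZZY": "502"},
    "mta-b": {"HELO": "250", "MAIL FROM:<>": "250", "RSET": "250", "XYZZY": "500"},
}
PROBES = ["HELO", "MAIL FROM:<>", "RSET", "XYZZY"]


class MockServer:
    """Offline stand-in for an SMTP listener: a banner plus per-command reply codes."""

    def __init__(self, banner, behaviour):
        self.banner = banner
        self.behaviour = behaviour

    def reply(self, command):
        return self.behaviour.get(command, "500")


def guess_from_banner(server):
    """Banner grab: only works if the banner still names the software."""
    for name in PROFILES:
        if name in server.banner.lower():
            return name
    return None


def guess_from_behaviour(server):
    """Ignore the banner; score each profile by how many reply codes match."""
    observed = {cmd: server.reply(cmd) for cmd in PROBES}
    scores = {
        name: sum(observed[cmd] == codes[cmd] for cmd in PROBES)
        for name, codes in PROFILES.items()
    }
    best = max(scores, key=scores.get)
    return best, scores[best]


# Same software behaviour, once with the default banner and once with it rewritten.
default = MockServer("220 mail.example.com ESMTP mta-a", PROFILES["mta-a"])
rebannered = MockServer("220 mail.example.com ESMTP", PROFILES["mta-a"])

if __name__ == "__main__":
    for srv in (default, rebannered):
        print(srv.banner, "->", guess_from_banner(srv), guess_from_behaviour(srv))
```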



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT