[Dshield] SMTP server banner?

Jon R. Kibler Jon.Kibler at aset.com
Fri Oct 29 15:19:01 GMT 2004


Schneelocke wrote:
<SNIP!>
> > So my initial thought is maybe just the machine name they connected to
> > (our public mx record).  But are there any RFC or general requirements
> > that we display anything in particular?
> 
> I personally think that it's best to give out as much information as
> necessary but, at the same time, as little as possible, so I'd suggest
> something like this:
> 
> 220 host.domain.tld ESMTP
> 
> and nothing else (assuming your mail server does ESMTP). In
> particular, I'd advise against putting in the mail server software's
> name or version, since that makes scanning for vulnerable versions
> when a new hole is found much easier.
> 
> --
> schnee

I agree -- but with one addition. You probably want to add an additional banner line that says something like 'Unauthorized Access is Prohibited (etc)' and another stating that you do not accept bulk unsolicited email. Consult your legal department for appropriate statements.

BTW, all public services should display such banners to give you maximum power to prosecute miscreants.

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list