[Dshield] Any legitimate reason to strip SMTP X- headers?

Jeff Kell jeff-kell at utc.edu
Tue May 24 15:25:54 GMT 2005


Paul Marsh wrote:
> Really good question. I've got a Firebox that does the same thing in its
> default proxy config.  Anyone have any ideas?

You strip X-headers for the same reason you would strip/obfuscate
banners and other "identifying" information.  If there's an exploit
discovered for specific builds of Exchange (for example), and I see from
your mail that you are running:

> X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0

Then kaboom, you're making it easy for the black hats.  Especially if
these headers get logged somewhere, and perhaps Google indexed, etc.

Jeff
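
A narrower alternative to blanket X- stripping, shown as an added example that is not part of the original post: flag and remove only the X- headers whose value carries a version string. The sample message, the `X-Mailer` value and the version regex are constructed assumptions; only the `X-MimeOLE` line comes from the post.

```python
import re
from email import message_from_string, policy

# Constructed sample message; the X-MimeOLE value is the one quoted in the post.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net; Tue, 24 May 2005 15:25:54 +0000
From: alice@example.org
To: bob@example.net
Subject: test
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
X-Mailer: ExampleMailer 1.2.3
X-Priority: 3
X-Spam-Status: No

body
"""

# Assumption: a "version" is a dotted number with at least two components,
# optionally prefixed by V/v (e.g. V6.5.7226.0, 1.2.3). A bare "3" is not.
VERSION_RE = re.compile(r"\b[vV]?\d+(?:\.\d+)+\b")

def find_disclosing_headers(msg):
    """Return (name, value) for X- headers whose value contains a version string."""
    return [(n, str(v)) for n, v in msg.items()
            if n.lower().startswith("x-") and VERSION_RE.search(str(v))]

def strip_disclosing_headers(msg):
    """Delete the flagged X- headers in place; return the names removed."""
    removed = sorted({n for n, _ in find_disclosing_headers(msg)})
    for name in removed:
        del msg[name]  # removes every occurrence, case-insensitively
    return removed

def demo():
    """Parse the sample, strip it, and return (removed names, remaining names)."""
    msg = message_from_string(SAMPLE, policy=policy.default)
    removed = strip_disclosing_headers(msg)
    return removed, list(msg.keys())

if __name__ == "__main__":
    removed, remaining = demo()
    print("removed:", removed)
    print("remaining:", remaining)
```

Headers such as `X-Priority` and `X-Spam-Status` survive because their values contain no dotted version number.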



