[Dshield] Any legitimate reason to strip SMTP X- headers?
BKWalker at drbsystems.com
Tue May 24 15:40:56 GMT 2005
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Jeff Kell
> Sent: Tuesday, May 24, 2005 11:26 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Any legitimate reason to strip SMTP
> X- headers?
> Paul Marsh wrote:
> > Really good question. I've got a Firebox that does the same thing in
> > its default proxy config. Anyone have any ideas?
> You strip X-headers for the same reason you would
> strip/obfuscate banners and other "identifying" information.
> If there's an exploit discovered for specific builds of
> Exchange (for example), and I see from your mail that you are running:
> > X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
> Then kaboom, you're making it easy for the black hats.
> Especially if these headers get logged somewhere, and perhaps
> google indexed, etc.
The funny thing is, as you can see... data sent from the Exchange server
goes out with X-Headers. There's something else that's proxying port 25
SMTP traffic (of which we have very little, and none of it's really
Of course, our in-house guys don't know anything about it... They think
it might be Websense doing it...
Seems like an ineffective half-measure in place here.
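The sanitising step Jeff describes, as an added example that is not from this thread or from any of the products mentioned: it parses an outbound message, reports which X- headers carry a dotted product version, and drops the X- headers except a small operator allow-list. The sample message and the allow-list are constructed assumptions; only the X-MimeOLE value is the one quoted above.

```python
"""Flag and strip fingerprinting X- headers from outbound mail (added example)."""
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Operator allow-list of X- headers to keep (constructed assumption).
KEEP = {"x-priority"}

# Dotted version such as 6.5.7226.0; two or more dots avoids matching dates like 3.5.
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)+\b")

# Constructed sample message; the X-MimeOLE line is the value quoted in the thread.
RAW_MESSAGE = (
    "From: alice@example.com\r\n"
    "To: bob@example.net\r\n"
    "Subject: status\r\n"
    "X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0\r\n"
    "X-Mailer: ExampleClient\r\n"
    "X-Priority: 3\r\n"
    "Message-ID: <123@example.com>\r\n"
    "\r\n"
    "Hello Bob.\r\n"
)


def parse(raw: str) -> EmailMessage:
    """Parse a raw RFC 5322 message with the modern email policy."""
    return message_from_string(raw, policy=policy.default)


def leaking_headers(msg: EmailMessage) -> list:
    """Names of headers whose value contains a dotted product version."""
    return sorted(name for name, value in msg.items() if VERSION_RE.search(str(value)))


def strippable_x_headers(msg: EmailMessage) -> list:
    """X- header names that are not on the allow-list and will be removed."""
    return sorted({name for name, _ in msg.items()
                   if name.lower().startswith("x-") and name.lower() not in KEEP})


def strip_x_headers(raw: str) -> EmailMessage:
    """Return a copy of the message with fingerprinting X- headers removed."""
    msg = parse(raw)
    for name in strippable_x_headers(msg):
        del msg[name]  # removes every occurrence of that header
    return msg


if __name__ == "__main__":
    print("leaks version in:", leaking_headers(parse(RAW_MESSAGE)))
    print(strip_x_headers(RAW_MESSAGE).as_string())
```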