[Dshield] Any legitimate reason to strip SMTP X- headers?

Paul Marsh pmarsh at nmefdn.org
Tue May 24 15:48:19 GMT 2005


Jeff:

	Thanks, that's some good information.  Are there any best
practices that you can point out regarding this subject?

Should be gone now >>>>> X-MimeOLE: Produced By Microsoft Exchange
V6.5.7226.0 

Thanx, Paul
 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Jeff Kell
Sent: Tuesday, May 24, 2005 11:26 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Any legitimate reason to strip SMTP X- headers?

Paul Marsh wrote:
> Really good question. I've got a Firebox that does the same thing in 
> its default proxy config.  Anyone have any ideas?

You strip X-headers for the same reason you would strip/obfuscate
banners and other "identifying" information.  If there's an exploit
discovered for specific builds of Exchange (for example), and I see from
your mail that you are running:

> X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0

Then kaboom, you're making it easy for the black hats.  Especially if
these headers get logged somewhere, and perhaps Google indexed, etc.

Jeff
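
An added example, not part of the original thread: a small audit that flags X- headers whose value carries a version string (as the X-MimeOLE header quoted above does) and removes only those, leaving other headers in place. The sample message, the `ExampleMailer` header, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message; only the X-MimeOLE value comes from the thread.
SAMPLE = """\
From: alice@example.org
To: bob@example.net
Subject: test
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
X-Mailer: ExampleMailer 1.2.3
X-Priority: 3
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net with ESMTP id abc123
MIME-Version: 1.0

body
"""

# Dotted version numbers such as V6.5.7226.0 or 1.2.3
VERSION_RE = re.compile(r"\bV?\d+(?:\.\d+)+\b", re.IGNORECASE)


def audit_headers(raw):
    """Return (name, value) pairs for X- headers that disclose a version."""
    msg = message_from_string(raw, policy=default)
    return [
        (name, str(value))
        for name, value in msg.items()
        if name.lower().startswith("x-") and VERSION_RE.search(str(value))
    ]


def strip_disclosing(raw):
    """Return the message text with the version-disclosing X- headers removed."""
    msg = message_from_string(raw, policy=default)
    for name, _ in audit_headers(raw):
        del msg[name]  # deletes every occurrence of that header
    return msg.as_string()


if __name__ == "__main__":
    for name, value in audit_headers(SAMPLE):
        print(f"discloses version: {name}: {value}")
    print(strip_disclosing(SAMPLE))
```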




