suppress cyrus version information possible?
Ken Murchison
ken at oceana.com
Fri Oct 29 14:47:56 EDT 2004
Sascha Wuestemann wrote:
> Hi,
>
> when sending email over cyrus imap, it gives full information about
> version. So, an attacker has just to telnet at port 25 to see if his
> bunch of exploits fits to it.
>
> That is a dangerous and I would like to suppress all version
> information, even that it is cyrus answering, if possible.
Security by obscurity never works. Do you really think an attacker
would be deterred by the version number that he sees? He'll probably
try his attack regardless of the version reported.
> Can you do that by just configuring it somehow, or does it need a patch?
Modify the source.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list