Changing the IMAP server's banner -- does one still need to patch
the source?
Philip Edelbrock
phil at edgedesign.us
Thu Jun 16 17:23:04 EDT 2005
Alexander Dalloz wrote:
> Am Do, den 16.06.2005 schrieb Ralph Seichter um 17:06:
>
>
>>I'm looking for a configuration parameter to change Cyrus IMAP's
>>banner text. A banner like
>>
>> * OK server.tld Cyrus IMAP4 v2.2.3 server ready
>>
>>is giving too much away about the server, IMHO. For security reasons,
>>I'd like show only the information required by RFC definition.
>
>
> Sorry, but that is nonsense, with other words well known as "security by
> obscurity" and thus simpy useless. See the thread "Cyrus Banner" which
> started Tuesday. Seriously, you gain absolutely nothing by hiding any
> kind of version number or IMAP server type string. Get over to useful
> things and keep your system up to date. Your version of Cyrus-IMAPd is
> outdated and has bugs (at least if not patched).
>
> Alexander
>
>
I don't know... sounds like a reasonable request to me. I'd be
interested in the answer.
Security by obscurity is bad, but that's not what this is. I still put
my laptop under the car seat before going into the store eventhough the
door locks /should/ be enough. ;')
Anyways, this is probably off topic, sorry.
Phil
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list