SMTP Banner
Results 1 to 5 of 5

Thread: SMTP Banner

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    177

    SMTP Banner

    Hi all. I'm installing a new SMTP gateway for my company. I'm using an IIS 6.0 SMTP server on a Windows 2003 Server std machine to route all incoming/outcoming mail to/from my Exchange Server.

    Now all it's working fine but I don't know if it is a good idea follow the steps to remove the SMTP server banner. Of course it can help in case someone is planning to attack the server, but i think that the version banner is used for some operations that won't work if I remove it, right?

    The question is, would you remove the banner in my case?

    Thank you!

  2. #2
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    To my knowledge, it's purely informational. I'm not using IIS SMTP, but I changed the banner on my SMTP application to prevent it's disclosure for any malicious purposes.
    - Maverick

  3. #3
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018

    Re: SMTP Banner

    Originally posted here by DerekK
    The question is, would you remove the banner in my case?
    Without a doubt.

    The less iformation that can be gained about your systems/networks and employees the hasrder it becomes to compormise your systems/networks or people.

    Your server version may not have any known vunerabilites but you should still remove the banner:

    Advertising the SMTP server you use will announce what OS you are running. Announcing a version will allow educated guesses to be made as to how up to date your OS & other apps are likely to be accross all your systems/networks.

    And finally should a vunerability come to light for your server/version then you may as well be advertinsing the fact you have a vunerable system.

    If you can't get the server & exchange to play nicely together without the banner, I would re-consider the strategy for using exchange. However I would be very suprised if that is the case.

    HTH
    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #4
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    The question is, would you remove the banner in my case?
    Yes, remove it. The last thing you want is to do is give out your information.(banner grabbing) Also, On a side note do you plan on using authentication on this SMTP mail server?

  5. #5
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Thank you all.

    I had few doubts about if it will work without the default banner but i was checking out several public servers and in all cases they don't show the information.

    I'll follow this article .

    Originally posted here by Computernerd22


    Yes, remove it. The last thing you want is to do is give out your information.(banner grabbing) Also, On a side note do you plan on using authentication on this SMTP mail server?
    I'm not using authentication because this is and SMTP gateway (pointed by MX), receiving and sending all corporate network. I use SSL SMTP in the front ends for the users who want send email from internet.

    One more time, thank you all!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •