Re: removing banners from cyrus

Tue, 02 Apr 2002 09:54:27 -0800 


Clifford Thurber wrote:
> 
> I am confused as to what or why there are things specific to Netscape.
> Perhaps  I have left out the context of my question. I am trying to prevent
> people doing recognizance banner grabbing for security reasons>

If you think that having the vendor/version information in the banner is
a security problem, then you should tell us what you think the security
issues are, so they can be fixed.  If its a config problem, then fix
your config ;-)

In any case, there are multiple places in the services where the
vendor/version string is used:

- In the banners for imapd, pop3d, lmtpd -- disable by editing the
source -- 
     look for prot_printf(, "... ready\r\n", ,CYRUS_VERSION)
- imapd: ID command response -- disable with "imapidresponse: no" in
imapd.conf
- imapd: NETSCAPE command response -- not compiled by default
(--enable-netscapehack configure option)
- pop3d: IMPLEMENTATION capability -- disable by editing the source in
cmd_capa()

Ken


> 
> At 04:15 PM 4/2/2002 +0100, Steve Wright wrote:
> 
> >Changing pop3d.c will only change the "+OK %s Cyrus POP3 v2.0.15 server
> >ready" banner.
> >
> >If you want to change the imap banner, to the best of my knowledge you have
> >to change (in imapd.c) the "OK %s Cyrus IMAP4 %s server ready\r\n" line (same
> >as pop3d.c), the section containing the imap id (as per RFC2971)
> >
> >  prot_printf(imapd_out, "* ID ("
> >                     "\"name\" \"Cyrus\""
> >                     " \"version\" \"%s\""
> >                     " \"vendor\" \"Project Cyrus\""
> >                     " \"support-url\" \"http://asg.web.cmu.edu/cyrus\"";,
> >                     CYRUS_VERSION);
> >
> >& there are a few entries specific to netscape.
> >
> >Steve.
> >
> >On Tuesday 02 April 2002 15:39, you wrote:
> > > This will take care of both the IMAP and POP3 banners? Nothing needs to be
> > > done to say .. imapd.c????
> > >
> > > Thanks again
> > >
> > > At 11:01 AM 4/2/2002 +0100, Steve Wright wrote:
> > > >The "+OK %s Cyrus POP3 v2.0.15 server ready" banner can be changed by
> > > > editing line 323 in /src/cyrus-imapd-2.0.15/imap/pop3d.c

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp























					Reply via email to