Masking exim and cyrus-imapd version from nmap scan

I'm new to linode and very happy thus far.

I've spent the last couple weeks observing/securing my server. I'm pretty new to all of this, so I can't say one way or another whether my server is secure. Each day I learn new things and apply what I can.

One tool I've used as a sanity check from the outside is nmap. I use it to see what ports are open for an observer from the outside.

I'm running Fedora Core 11.

When a user queries my server with the following command:

```
nmap -T4 -A -v www.<my-domain-name>.com
```

the following pertinent data is returned:

```
Discovered open port 80/tcp on xx.xx.xxx.xxx
Discovered open port 25/tcp on xx.xx.xxx.xxx
Discovered open port 993/tcp on xx.xx.xxx.xxx
Discovered open port 995/tcp on xx.xx.xxx.xxx
Discovered open port 465/tcp on xx.xx.xxx.xxx
Discovered open port 143/tcp on xx.xx.xxx.xxx

PORT    STATE  SERVICE   VERSION
22/tcp  closed ssh
25/tcp  open   smtp      Exim smtpd 4.69
80/tcp  open   http      Apache httpd 2.2.13
113/tcp closed auth
143/tcp open   imap      Cyrus IMAP4 2.3.16-Fedora-RPM-2.3.16-1.fc11
443/tcp closed https
465/tcp open   ssl/smtp  Exim smtpd 4.69
|_ SSLv2: server still supports SSLv2
993/tcp open   ssl/imap  Cyrus imapd
|_ SSLv2: server still supports SSLv2
995/tcp open   ssl/pop3  Cyrus pop3sd
|_ SSLv2: server still supports SSLv2
```

I'd like not to broadcast what versions of Exim, Cyrus and Apache I'm using if possible. I would think this info only helps the hacker get in.

Thanks in advance for your help.

Lava

2 Replies

Recent versions of nmap have a pretty comprehensive set of service and version probes. You could try psad - caveat: I haven't tried it, YMMV.

sigh

Apache:

http://httpd.apache.org/docs/2.2/mod/core.html#serversignature

http://httpd.apache.org/docs/2.2/mod/core.html#servertokens

Exim:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch14.html#SECID112 , look for `smtp_banner` (I believe it HAS to begin with "$smtp_active_hostname ESMTP" for RFC compliance; "$smtp_active_hostname ESMTP Exim $version_number $tod_full" is the default, "$smtp_active_hostname ESMTP $tod_full" is a good "safe" option)

And first Google hit for "cyrus imap banner":

http://www.mail-archive.com/info-cyrus@lists.andrew.cmu.edu/msg36163.html

> > I have been googling over there and haven't found the answer to my question,
> > just another man looking for the same as me… I wanted to change the banner
> > that cyrus imap and pop sends when you connect to them… basically the
> > server greeting… I think it could be quite dangerous to show the version
> > you're running… even the server you're running. Please, could there be any way of
> > doing this? How could I get my goal? For example, when you telnet to port 110
> > or 143 to be shown:
> >
> > +OK IMAP Server
> >
> > and nothing else….
>
> man imapd.conf
>
>     serverinfo: on
>         The server information to display in the greeting and capability
>         responses. Information is displayed as follows:
>         "off" = no server information in the greeting or capabilities
>         "min" = servername in the greeting; no server information in the
>                 capabilities
>         "on"  = servername and product version in the greeting; product
>                 version in the capabilities
>         Allowed values: off, min, on

Seems that imapd.conf applies to POP too… and if not, there's probably an equivalent option in popd.conf. YMMV, I use Dovecot.

No idea how Fedora's apache and exim config layouts look, so you'll need to grep, I guess.

IMO, hiding version IDs doesn't help much… But hey, if you want it…
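After changing ServerTokens/ServerSignature (Apache), `smtp_banner` (Exim) and `serverinfo` (Cyrus), the quick sanity check is to read the greetings back the way nmap does. The script below is an added example, not code from this thread or from any of those projects; it assumes bash with `/dev/tcp` and `timeout`, and the host names, greetings and dates in it are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): verify that SMTP/IMAP/POP3 greetings no
# longer reveal product names or versions. Works on plaintext ports (25, 110, 143);
# for 465/993/995 pipe the greeting from `openssl s_client -connect host:port` instead.

# Returns 0 if the greeting names the software or contains a dotted version
# number (e.g. "Exim 4.69", "v2.3.16"); returns 1 if it looks clean.
# Dotted numbers are flagged conservatively, so an IP address in a banner also hits.
banner_leaks_version() {
  printf '%s' "$1" | grep -Eiq 'exim|cyrus|apache|(^|[^0-9])[0-9]+\.[0-9]+'
}

# Read the first greeting line from host:port via bash's /dev/tcp, with a timeout.
grab_banner() {
  local host="$1" port="$2" secs="${3:-5}"
  timeout "$secs" bash -c \
    "exec 3<>/dev/tcp/$host/$port && IFS= read -r -t $secs line <&3 && printf '%s\n' \"\$line\""
}

# Check one live service and print a verdict; returns 0 only when the banner is clean.
check_service() {
  local host="$1" port="$2" banner
  banner=$(grab_banner "$host" "$port") || { echo "$host:$port: no banner (connect failed or timed out)"; return 2; }
  if banner_leaks_version "$banner"; then
    echo "$host:$port LEAKS: $banner"; return 1
  fi
  echo "$host:$port ok: $banner"
}

# Constructed sample greetings, before and after the settings discussed above
# (hostname and date are placeholders; the "after" Cyrus line approximates serverinfo: min).
before_exim='220 mail.example.com ESMTP Exim 4.69 Tue, 05 Jan 2010 10:00:00 +0000'
after_exim='220 mail.example.com ESMTP Tue, 05 Jan 2010 10:00:00 +0000'
before_cyrus='* OK mail.example.com Cyrus IMAP4 v2.3.16-Fedora-RPM-2.3.16-1.fc11 server ready'
after_cyrus='* OK mail.example.com server ready'

# Self-test on the constructed banners.
for b in "$before_exim" "$after_exim" "$before_cyrus" "$after_cyrus"; do
  if banner_leaks_version "$b"; then echo "LEAKS: $b"; else echo "ok:    $b"; fi
done
# Live check against your own host, e.g.: check_service mail.example.com 25
```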
