Ubuntu mail headers are not best practice
Bug #122195 reported by
Cesare Tirabassi
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
postfix (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: postfix
Reporting on behalf of:
Sherman Boyd
TwoCell Computer Consulting
http://
The default postfix configuration sets the mail header to something like this:
220 mx.myhostname.com ESMTP Postfix (Ubuntu)
This gives anyone who connects to port 25 both the name of your SMTP software and your Linux distribution. There is no reason to disclose this information, and from a security perspective it is a best practice not to.
I suggest that regardless of which SMTP software is installed the Ubuntu default header should look like this:
220 mx.myhostname.com ESMTP
This is a best practice that all the big players seem to follow:
gmail, yahoo mail, etc.
To post a comment you must log in.
The standard from the Postfix upstream is:
220 mx.myhostname.com ESMTP Postfix
It's trivial to change this in your /etc/postfix/ main.cf if you want to and so I see no compelling reason to diverge with upstream on this. I'd suggest you take this up on the postfix-users mailing list if you believe it's important.