Ubuntu mail headers are not best practice
Bug #122195 reported by
Cesare Tirabassi
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| postfix (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: postfix
Reporting on behalf of:
Sherman Boyd
TwoCell Computer Consulting
http://
The default postfix configuration sets the mail header to something like this:
220 mx.myhostname.com ESMTP Postfix (Ubuntu)
This gives anyone who connects to port 25 both the name of your SMTP software and your Linux distribution. There is no reason to disclose this information, and from a security perspective it is a best practice not to.
I suggest that regardless of which SMTP software is installed the Ubuntu default header should look like this:
220 mx.myhostname.com ESMTP
This is a best practice that all the big players seem to follow:
gmail, yahoo mail, etc.
Revision history for this message
| Scott Kitterman (kitterman) wrote | #1 |
| Changed in postfix: | |
| status: | New → Won't Fix |
Revision history for this message
| Sherman Boyd (sherman-twocell) wrote | #2 |
Revision history for this message
| Scott Kitterman (kitterman) wrote | #3 |
To post a comment you must log in.
The standard from the Postfix upstream is:
220 mx.myhostname.com ESMTP Postfix
It's trivial to change this in your /etc/postfix/