[tpop3d-discuss] Re: Hiding identifying information (was: Make tpop3d not run as root,
and send another banner..)
Davi
davi at hotpop.com
Fri, 09 Aug 2002 14:29:43 -0300
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
Davi Arnaut wrote:<br>
<blockquote type="cite" cite="mid3D53FB10.5080507@mrmentes.com.br">
<title></title>
Chris Lightfoot wrote:<br>
<blockquote type="cite"
cite="mid20020809153302.GA23883@aquila.esc.cam.ac.uk">
<pre wrap="">On Fri, Aug 09, 2002 at 04:24:25PM +0100, Chris Elsworth wrote:
</pre>
<blockquote type="cite">
<pre wrap="">A couple of sacrifices like this are more than acceptable, I think, in
order to gain increased security. The option is there, if you don't
use APOP, then you may wish to use it :) I wouldn't say its a reason
not to put it in, though.
</pre>
</blockquote>
<pre wrap=""><!---->
I'm not entirely certain what you want to achieve here. Is
it,
- make tpop3d indistinguishable from other POP3
servers, so that it is difficult to establish what
software a machine is running; or</pre>
</blockquote>
!- Yes...<br>
<blockquote type="cite"
cite="mid20020809153302.GA23883@aquila.esc.cam.ac.uk">
<pre wrap="">
- make it impossible to establish the email domain
name associated with a machine?</pre>
</blockquote>
! - Yes...greater when working with webhosting...<br>
<blockquote type="cite"
cite="mid20020809153302.GA23883@aquila.esc.cam.ac.uk">
<pre wrap="">
While I wouldn't quarrel with the desire to do either of
those things -- though they are of perhaps questionable
usefulness -- they are not necessarily best achieved in
the way that you suggest.
In particular,
- Establishing that a server is tpop3d is probably
best done by looking at the responses to commands
(whether snide or not). If you want to make tpop3d
look like another server, you'll need to alter at
least the response messages which may get sent
during the authentication phase.</pre>
</blockquote>
! - Yes...i have already done this :-). I created a separete file
for messages,<br>
so i could be easy to translate tpop3d too, using like gettext<br>
<blockquote type="cite"
cite="mid20020809153302.GA23883@aquila.esc.cam.ac.uk">
<pre wrap="">
- If you don't want to give out your domain name, you
can just set the domain name which tpop3d sends
using the listen-address config directive; in the
CVS version of tpop3d, you can use the `mass virtual
hosting' option to send one based upon the address
to which a client connects.</pre>
</blockquote>
<br>
! - I dont want to alter tpop3d.conf every time a create a new domain,<br>
as i work with webhosting, its everthing automatic, just insert into the<br>
mysql table and everthing work fines..<br>
<blockquote type="cite"
cite="mid20020809153302.GA23883@aquila.esc.cam.ac.uk">
<pre wrap="">
</pre>
</blockquote>
<br>
For the APOP thing you can solve this banner question using the style
of Exim,<br>
Quoted from exim spec:<br>
<br>
<h3>smtp_banner</h3>
<i>Type:</i> string, expanded<br>
<i>Default:</i> see below<br>
<p>This string, which is expanded every time it is used, is output as the
initial positive response to an SMTP connection. The default setting is:</p>
<pre> smtp_banner = $primary_hostname ESMTP Exim $version_number \
$tod_full
</pre>
<p>Failure to expand the string causes a panic error. If you want to create
a multiline response to the initial SMTP connection, use ``\n'' in the string
at appropriate points, but not at the end. Note that the 220 code is not included
in this string. Exim adds it automatically (several times in the case of
a multiline response).</p>
-------- <br>
<br>
So you if the person wants apop, the person puts a $time on the banner (not
just useful for apop),<br>
and a lot more..<br>
<br>
Peace,<br>
<br>
Davi Arnaut<br>
</blockquote>
<br>
<br>
</body>
</html>