[tpop3d-discuss] (Pure Plain Text, sorry :-) Re: Hiding identifying information (was: Make tpop3d not run as root, and send another banner..)

Davi davi at hotpop.com
Fri, 09 Aug 2002 16:55:29 -0300


Davi wrote:

> Davi Arnaut wrote:
>
>> Chris Lightfoot wrote:
>>
>>>On Fri, Aug 09, 2002 at 04:24:25PM +0100, Chris Elsworth wrote:
>>>
>>>>A couple of sacrifices like this are more than acceptable, I think, in
>>>>order to gain increased security. The option is there, if you don't
>>>>use APOP, then you may wish to use it :) I wouldn't say it's a reason
>>>>not to put it in, though.
>>>
>>>I'm not entirely certain what you want to achieve here. Is
>>>it,
>>>
>>>    - make tpop3d indistinguishable from other POP3
>>>      servers, so that it is difficult to establish what
>>>      software a machine is running; or
>>>
>> !- Yes...
>>
>>>    - make it impossible to establish the email domain
>>>      name associated with a machine?
>>>
>> ! - Yes...greater when working with webhosting...
>>
>>>While I wouldn't quarrel with the desire to do either of
>>>those things -- though they are of perhaps questionable
>>>usefulness -- they are not necessarily best achieved in
>>>the way that you suggest.
>>>
>>>In particular,
>>>
>>>    - Establishing that a server is tpop3d is probably
>>>      best done by looking at the responses to commands
>>>      (whether snide or not). If you want to make tpop3d
>>>      look like another server, you'll need to alter at
>>>      least the response messages which may get sent
>>>      during the authentication phase.
>>>
>> ! - Yes... I have already done this :-). I created a separate file for
>> messages, so it could be easy to translate tpop3d too, using something
>> like gettext
>>
>>>    - If you don't want to give out your domain name, you
>>>      can just set the domain name which tpop3d sends
>>>      using the listen-address config directive; in the
>>>      CVS version of tpop3d, you can use the `mass virtual
>>>      hosting' option to send one based upon the address
>>>      to which a client connects.
>>>
>>
>> ! - I don't want to alter tpop3d.conf every time I create a new domain,
>> as I work with webhosting, it's everything automatic, just insert into the
>> mysql table and everything works fine..
>>
>> For the APOP thing you can solve this banner question using the style
>> of Exim. Quoted from the Exim spec:
>>
>>
>>       smtp_banner
>>
>> /Type:/ string, expanded
>> /Default:/ see below
>>
>> This string, which is expanded every time it is used, is output as 
>> the initial positive response to an SMTP connection. The default 
>> setting is:
>>
>>  smtp_banner = $primary_hostname ESMTP Exim $version_number \
>>    $tod_full
>>  
>>
>> Failure to expand the string causes a panic error. If you want to 
>> create a multiline response to the initial SMTP connection, use 
>> ``\n'' in the string at appropriate points, but not at the end. Note 
>> that the 220 code is not included in this string. Exim adds it 
>> automatically (several times in the case of a multiline response).
>>
>> --------
>>
>> So if the person wants APOP, the person puts a $time on the
>> banner (not just useful for APOP), and a lot more..
>>
>> Peace,
>>
>> Davi Arnaut
>
>
>
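
The banner-template idea from this message, as an added example (not part of the original post and not tpop3d code): it expands an Exim-style greeting template and shows that APOP only works when the expanded banner still carries an RFC 1939 msg-id. The variables $hostname, $pid and $time are hypothetical names chosen for illustration, and the sample values are constructed, apart from the RFC 1939 example banner and secret.

```python
import hashlib
import hmac
import re
from string import Template

# Hypothetical banner variables ($hostname, $pid, $time), modelled on the
# Exim-style expanded banner proposed in the message; not tpop3d directives.
def expand_banner(template, hostname, pid, now):
    """Expand a POP3 greeting template into the full '+OK ...' line."""
    text = Template(template).substitute(hostname=hostname, pid=pid, time=now)
    return "+OK " + text

# RFC 1939: the APOP timestamp is a msg-id of the form <unique@host>.
MSGID = re.compile(r"<[^<>@\s]+@[^<>\s]+>")

def apop_msgid(banner):
    """Return the APOP timestamp from a greeting, or None if absent."""
    match = MSGID.search(banner)
    return match.group(0) if match else None

def apop_digest(msgid, secret):
    """Digest a client sends with APOP: MD5 over msg-id + shared secret."""
    return hashlib.md5((msgid + secret).encode("ascii")).hexdigest()

def verify_apop(banner, secret, client_digest):
    """Server-side check; refuses APOP when the banner carried no msg-id."""
    msgid = apop_msgid(banner)
    if msgid is None:
        return False
    return hmac.compare_digest(apop_digest(msgid, secret), client_digest)

if __name__ == "__main__":
    # Constructed sample values; the third line reuses the RFC 1939 example.
    for tpl, host in [
        ("POP3 server ready", "mail.customer.example"),
        ("POP3 server ready <$pid.$time@$hostname>", "pop.invalid"),
        ("POP3 server ready <$pid.$time@$hostname>", "dbc.mtview.ca.us"),
    ]:
        banner = expand_banner(tpl, host, 1896, 697170952)
        print(banner, "| APOP offered:", apop_msgid(banner) is not None)
```

A template without the msg-id hides both software and domain but disables APOP; a template with a generic host part keeps APOP while not revealing the customer domain.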