CCE-90540-6Platform: cpe:/o:ubuntu:ubuntu_linux:14.10 | Date: (C)2023-07-04 (M)2023-07-04 |
Edit '/etc/postfix/main.cf', and add or correct the
following line, substituting some other wording for the banner information if
you prefer:
'smtpd_banner = $myhostname ESMTP'
Parameter:
[banner_1/banner_2/banner_3]
Technical Mechanism:
The default greeting banner discloses that the listening mail
process is Postfix. When remote mail senders connect to the MTA on port 25,
they are greeted by an initial banner as part of the SMTP dialogue. This banner
is necessary, but it frequently gives away too much information, including the
MTA software which is in use, and sometimes also its version number. Remote
mail senders do not need this information in order to send mail, so the banner
should be changed to reveal only the hostname (which is already known and may
be useful) and the word ESMTP, to indicate that the modern SMTP protocol
variant is supported.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.3 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:26029 |