Security annoyance: Hide Exim version

[sv70]

How can we hide the Exim version?

--------------

#220-server.host.com ESMTP Exim 4.69 #1

---------------

[chinmay]

To hide the SMTP version/banner follow the steps below

Open the file /etc/exim.conf and find for smtp_banner.

The line would look like

smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \

Remove the "Exim ${version_number}" from the line. The modified line would look like

smtp_banner = "${primary_hostname} ESMTP \

You are done !

[sv70]

it works. Thanks!

[chinmay]

it works. Thanks!

You are Welcome Good Luck !

[cPanelDavidG]

To hide the SMTP version/banner follow the steps below

Open the file /etc/exim.conf and find for smtp_banner.

The line would look like



Remove the "Exim ${version_number}" from the line. The modified line would look like



You are done !

These changes will be obliterated during the next cPanel/WHM update if not sooner if you do not take action to preserve the file (e.g. /scripts/preupcp and /scripts/postupcp scripts).

[sv70]

not enough with: chattr +i /etc/exim.conf?

How you apply /scripts/preupcp and /scripts/postupcp?

[cPanelDavidG]

not enough with: chattr +i /etc/exim.conf?

Correct.

How you apply /scripts/preupcp and /scripts/postupcp?

Just copy the file to a backup location in /scripts/preupcp and restore the file from a backup location in /scripts/postupcp.

Keep in mind, by doing these manual modifications and circumventing correction mechanisms by cPanel/WHM, there is no guarantee your exim configuration will remain compatible with future versions of Exim or cPanel/WHM. You do this at your own risk.

[sv70]

ok, thanks so much

[Bigwebmaster]

Just copy the file to a backup location in /scripts/preupcp and restore the file from a backup location in /scripts/postupcp.

Keep in mind, by doing these manual modifications and circumventing correction mechanisms by cPanel/WHM, there is no guarantee your exim configuration will remain compatible with future versions of Exim or cPanel/WHM. You do this at your own risk.

I know this thread is a bit old but this is mainly for reference for anybody else looking for a solution to get around CPanel overriding the changes to the smtp_banner, I just wanted to add what might be a better solution. Instead of copying exim.conf before the update and restoring after the update (which could cause you to miss important changes CPanel makes to exim.conf), I only added to /scripts/postupcp with the following:

Code:

#!/bin/sh
perl -p -i -e 's/smtp_banner = "\${primary_hostname} ESMTP Exim \${version_number}/smtp_banner = "\${primary_hostname} ESMTP Exim/g' /etc/exim.conf
perl -p -i -e 's/\\#\${compile_number} //g' /etc/exim.conf

So all that does is replace the smpt_banner with the same text except without the version number or compile number after upcp has been run. Unless I am forgetting something I think this should keep the smtp_banner up to date without missing important changes.