Hiding EXIM version and disabling mail.add_x_

itmonitor

Well-Known Member
Apr 10, 2014
83
15
83
cPanel Access Level
Root Administrator
Hello,

I read this article here https://superuser.com/questions/682974/hide-exim4-version-from-email-headers and other similar ones.

The recommendation, to keep scanners from detecting which EXIM software version I am using, is to delete $version_number from EXIM Configuration Manager>Advanced Editor>smtp_banner, which now reads:

"${primary_hostname} ESMTP Exim \#${compile_number} ${tod_full} \n We do not authorize the use of this system to transport unsolicited, \n and/or bulk e-mail."

I rebooted EXIM. However, emails sent after the change still have the EXIM version in their header. Please, any advice on solving this issue is welcome.

Rgs
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello :)

Could you let us know an example of what the header looks like?

Thank you.
 

itmonitor

Hi Michael :)

Many thanks for your reply. I checked again today and the EXIM version is no longer in the email headers. I thought that the headers would immediately reflect the configuration set at EXIM Configuration Manager>Advanced Editor>smtp_banner. However, it took several days. Is there any kind of cache in EXIM or in email clients? I use Microsoft Outlook 2013 (Windows 8.1).

Rgs

IM
 

cPanelMichael

The change should occur as soon as Exim restarts. Is it possible the emails were generated before the change occurred?

Thank you.
 

itmonitor

Hi Michael,

I share with you some information, that perhaps can help - in the case there is potentially a bug here.

Well, I am sure the first thing I did after changing smtp_header field was to reboot EXIM. I have no screenshot or proof to show, but I can also say for sure that the EXIM version was displayed until a couple of days after I deleted $version_number from the smtp_banner field. Where it was cached, I do not know.

I remember I logged in again into WHM EXIM to check the string $version_number was effectively deleted and had not "returned" by chance. The $version_number was not at smtp_banner but still displaying in the Email header.

The EXIM version display was erratic, meaning that some emails would display it and some would not. I noticed, for instance, that emails sent within my domain, from [email protected] to [email protected], still had the EXIM version in the header. Emails sent from me to other domains did not have the EXIM version.

I had kind of accepted this EXIM version issue as I was in a rush due to work, and when I found time to look for help again, I posted here in the forum. To my surprise, the EXIM version is gone now.

I hope this information is of any help.
 

cPanelMichael

Could you verify the specific method you used to initially update the Exim configuration? Also, have you reproduced the issue in the message headers from the same destination server?

Thank you.
 

itmonitor

Hi Michael, sorry for the delay, I have been overworking these last days. Replying to your questions:

1. The specific method I used to initially update the Exim configuration was to go to EXIM Configuration Manager>Advanced Editor>smtp_banner and delete the string $version_number from this field.
2. The issue in the message headers from the same destination server happened up to at least one day after I made the above change (item 1). I was confused and logged into WHM several times to check if by mistake I had not properly deleted the string $version_number. However, the string was not there in the smtp_banner field, but the emails had the EXIM version in their headers. I opened a ticket with my hosting provider, but they could not solve the issue.

I had to focus on other work and to my surprise, when checking the headers soon after posting here, the EXIM version was gone. I do not have any idea why this happened, but there may be a cache somewhere in it that kept the EXIM version even after it was deleted from smtp_banner.

Rgs
 

cPanelMichael

Please feel free to contact us again if you notice the problem reoccur or if the issue is reproducible so we can take a closer look.

Thank you.
 

itmonitor

Michael, good morning!

On checking further, the sent emails do not display the EXIM version, as it was deleted from the configuration set at EXIM Configuration Manager>Advanced Editor>smtp_banner.

The received emails display my EXIM version (4.85) in their header. I wonder if the bounced emails from scammers would display the EXIM version too...

Is there a way to delete the EXIM version from imap, as I did on smtp_banner?

Your advice is welcome! :)

IM



1. Sample received email header:

Code:
Return-path: <[email protected]mple.com>
Envelope-to: [email protected]
Delivery-date: Tue, 22 Sep 2015 06:01:01 +0200
Received: from ai75.mta.domain.com ([66.231.85.75]:35402)
    by myemail.server.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.85)
    (envelope-from <[email protected]mple.com>)
    id 1ZeEk8-0005NI-P9
    for [email protected]; Tue, 22 Sep 2015 06:00:52 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=200608; d=expediamail.com;
h=From:To:Subject:Date:List-Unsubscribe:MIME-Version:Reply-To:Message-ID:Content-Type; [email protected];
2. Another sample received email:

Code:
Envelope-to: [email protected]
Delivery-date: Tue, 22 Sep 2015 04:05:13 +0200
Received: from d83.domain.com ([174.37.226.83]:54344)
    by myemail.server.com with esmtp (Exim 4.85)
    (envelope-from <bounce+be1599.875-
 

cPanelMichael

To clarify, are you showing the message headers from emails that were sent to your server from a remote mail server? If so, you can't modify the headers that a remote mail server has configured.

Thank you.
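
Each Received: header is stamped by the host named after `by`, and Exim formats the one it adds from its `received_header_text` option (whose default includes `(Exim $version_number)`), separately from `smtp_banner`. The following is an added example, not part of the thread: it parses a constructed message modelled on the headers quoted above and reports which hops disclose an MTA version and whether the stamping host is one of your own. The local host list, the placeholder addresses and the second hop are assumptions made for the illustration.

```python
import email
import re

# Constructed sample modelled on the headers quoted in the thread.
# Addresses, the second hop and its version (4.80) are made up for illustration.
SAMPLE = """\
Received: from ai75.mta.domain.com ([66.231.85.75]:35402)
    by myemail.server.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.85)
    id 1ZeEk8-0005NI-P9
    for user@server.example; Tue, 22 Sep 2015 06:00:52 +0200
Received: from app01.remote.example ([192.0.2.10]:40112)
    by ai75.mta.domain.com with esmtp (Exim 4.80)
    id 1ZeEk7-0001aB-Xy
    for user@server.example; Tue, 22 Sep 2015 06:00:50 +0200
Subject: constructed test message

body
"""

BY_RE = re.compile(r"\bby\s+(\S+)")
# A parenthesised "Product 1.2.3" comment, e.g. "(Exim 4.85)".
SOFTWARE_RE = re.compile(r"\(([A-Za-z][\w.-]*) (\d+(?:\.\d+)+)\)")


def version_disclosures(raw_message, local_hosts):
    """Return one finding per Received: header that names an MTA version."""
    local = {h.lower() for h in local_hosts}
    msg = email.message_from_string(raw_message)
    findings = []
    for hop, header in enumerate(msg.get_all("Received") or []):
        text = " ".join(str(header).split())  # unfold continuation lines
        by, sw = BY_RE.search(text), SOFTWARE_RE.search(text)
        if not (by and sw):
            continue
        host = by.group(1).lower()
        findings.append({
            "hop": hop, "stamped_by": host,
            "software": sw.group(1), "version": sw.group(2),
            # Only headers stamped by your own hosts can be changed by you.
            "fixable_locally": host in local,
        })
    return findings


if __name__ == "__main__":
    for f in version_disclosures(SAMPLE, {"myemail.server.com"}):
        print(f)
```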