Security annoyance: Hide Exim version

sv70

Active Member
Dec 24, 2006
28
0
151
How can we hide the Exim version?

--------------

#220-server.host.com ESMTP Exim 4.69 #1

---------------
 

chinmay

Well-Known Member
Jul 22, 2008
101
0
66
localhost
To hide the SMTP version/banner follow the steps below

Open the file /etc/exim.conf and find for smtp_banner.

The line would look like

smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \
Remove the "Exim ${version_number}" from the line. The modified line would look like

smtp_banner = "${primary_hostname} ESMTP \
You are done !
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
To hide the SMTP version/banner follow the steps below

Open the file /etc/exim.conf and find for smtp_banner.

The line would look like



Remove the "Exim ${version_number}" from the line. The modified line would look like



You are done !
These changes will be obliterated during the next cPanel/WHM update if not sooner if you do not take action to preserve the file (e.g. /scripts/preupcp and /scripts/postupcp scripts).
 

sv70

Active Member
Dec 24, 2006
28
0
151
not enough with: chattr +i /etc/exim.conf?

How you apply /scripts/preupcp and /scripts/postupcp?
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
not enough with: chattr +i /etc/exim.conf?
Correct.


How you apply /scripts/preupcp and /scripts/postupcp?
Just copy the file to a backup location in /scripts/preupcp and restore the file from a backup location in /scripts/postupcp.

Keep in mind, by doing these manual modifications and circumventing correction mechanisms by cPanel/WHM, there is no guarantee your exim configuration will remain compatible with future versions of Exim or cPanel/WHM. You do this at your own risk.
 

Bigwebmaster

Active Member
Dec 3, 2003
32
9
158
Just copy the file to a backup location in /scripts/preupcp and restore the file from a backup location in /scripts/postupcp.

Keep in mind, by doing these manual modifications and circumventing correction mechanisms by cPanel/WHM, there is no guarantee your exim configuration will remain compatible with future versions of Exim or cPanel/WHM. You do this at your own risk.
I know this thread is a bit old but this is mainly for reference for anybody else looking for a solution to get around CPanel overriding the changes to the smtp_banner, I just wanted to add what might be a better solution. Instead of copying exim.conf before the update and restoring after the update (which could cause you to miss important changes CPanel makes to exim.conf), I only added to /scripts/postupcp with the following:

Code:
#!/bin/sh
perl -p -i -e 's/smtp_banner = "\${primary_hostname} ESMTP Exim \${version_number}/smtp_banner = "\${primary_hostname} ESMTP Exim/g' /etc/exim.conf
perl -p -i -e 's/\\#\${compile_number} //g' /etc/exim.conf
So all that does is replace the smpt_banner with the same text except without the version number or compile number after upcp has been run. Unless I am forgetting something I think this should keep the smtp_banner up to date without missing important changes.
 
Last edited: