> Can we mitigate it somewhat like what Roger Klorese suggested, > eg: restrict the info EHLO reveals or don't reveal actual hostname :
All the configuration items you mentioned are things that affect what your Postfix will or won't do as a client talking to other servers. These configuration options won't affect how your Postfix behaves when it is acting as a server responding to other clients. Configuration parameters with names starting with "smtp_" affect your client; things that affect your server have parameter names starting with "smtpd_". You could make your SMTP server identify itself via a pseudonym by defining your own "smtpd_banner" value. However, aside from violating SMTP standards and risking delivery problems if some client panics at a server banner with an unexpected host name, this really doesn't make much sense because the client already knows who you are (or else it wouldn't have tried to connect to you!). As for "smtp_never_send_ehlo", this tells you (as a client) not to ever send an EHLO to a server. It doesn't affect what your Postfix server will do. As far as I know (I'm sure someone will correct me if I'm mistaken), there isn't any way to tell Postfix not to accept EHLO or other extended commands at all -- nor should there be, in most people's opinions. Rich Wales ri...@richw.org
