On Jul 2, 2005, at 5:06 AM, Ask Bjørn Hansen wrote: ...
Why? If it's for security, will it really make a difference? Does it give any information out that an attacker can use? If there ever is a security problem in qpsmtpd (unlikely, but I suppose possible), wouldn't the attacker just hit SMTP servers at random for it anyway? Or if doing a more targeted attack, surely they'll try no matter what the version string says or doesn't say.
...
Although not a technical reason, many companies that do security vulnerability assessments (such as those from Cisco) count points off if you reveal version numbers. And managers don't like to see points taken off. :)
dig @ns1.cisco.com version.bind chaos txt They even turn off the Bind versions. -- /chris/
smime.p7s
Description: S/MIME cryptographic signature
