Monday, March 8, 2010

Sendmail disabling help, vrfy, expn and version information.

We have a security audit and auditor asked me to disable the help, VRFY and EXPN  command  and  disable the version information displayed while login on the sendmail server.

1) To disable the version information from displaying, edit the file. Make a backup copy of the file.

# vi /etc/mail/
look for the line " GreetingMessage"
remove the " Sendmail $v/$Z " after $j. After editing the line looks like below.

O SmtpGreetingMessage=$j  $b

Restart the service

2) To disable the VRFY and EXPN ,look for  "PrivacyOptions" line in the /etc/mail/ file. Edit the PrivacyOptions line and append "novrfy,noexpn" to the line as below. Make sure you made a backup copy of the file before editing.

# privacy flags
O PrivacyOptions=authwarnings,novrfy,noexpn

Restart the service

3) To disable the help, go to /etc/mail/ , move the helpfile to helpfile.old and touch an empty helpfile

# mv helpfile helpfile.old
# touch helpfile

Restart the service
# /etc/init.d/sendmail restart
# svcadm refresh sendmail

After editing the configuration file telnet to port 25 will give the result as below
# telnet myhost 25
220 myhost ESMTP Mon, 8 Mar 2010 09:15:21 +0300 (AST)
214 2.0.0 End of HELP info
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
502 5.7.0 Sorry, we do not allow this operation
221 2.0.0 myhost closing connection
Connection to host lost.

1 comment:

  1. Keep posting such kind of information on your blog. I bookmarked it for continuous visit.