
The SMTP service's SMTP greeting must not provide version information.


Overview

Finding ID: V-4384
Version: GEN004560
Rule ID: SV-42310r1_rule
IA Controls: ECSC-1
Severity: Low

Description
The version of the SMTP service can be used by attackers to plan an attack based on vulnerabilities present in the specific version.

STIG: SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE
Date: 2015-10-01

Details

Check Text (C-40640r2_chk)
Check for the Sendmail version being displayed in the greeting.

# telnet localhost 25

If a version number is displayed, this is a finding.

If telnet is unavailable for testing, check the value of the SmtpGreetingMessage parameter in the sendmail.cf file.

# grep SmtpGreetingMessage /etc/mail/sendmail.cf

If the value of the SmtpGreetingMessage parameter contains the $v or $Z macros, this is a finding.

Fix Text (F-35943r1_fix)
Ensure Sendmail or its equivalent has been configured to mask the version information. If necessary, change the O SmtpGreetingMessage line in the /etc/mail/sendmail.cf file as noted below.

O SmtpGreetingMessage=$j Sendmail $v/$Z; $b

Change it to:

O SmtpGreetingMessage= Mail Server Ready ; $b
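
The check above, scripted for both branches (the sendmail.cf option and a greeting line already captured from port 25), as an added example that is not part of the STIG text. The function names, the NOT_SET and UNREADABLE verdicts, the dotted-number banner heuristic and the sample hostname are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not STIG text): evaluates GEN004560 against a sendmail.cf
# file and against an already-captured 220 greeting line.

# Print the value of the last active "O SmtpGreetingMessage=" line.
# Lines beginning with '#' are comments and never match the anchor.
greeting_value() {
    sed -n 's/^O[[:space:]]*SmtpGreetingMessage[[:space:]]*=//p' "$1" | tail -n 1
}

# Print FINDING, NOT_A_FINDING, NOT_SET or UNREADABLE for a sendmail.cf path.
check_greeting_cf() {
    [ -r "$1" ] || { echo UNREADABLE; return 0; }
    value=$(greeting_value "$1")
    case $value in
        '')            echo NOT_SET ;;        # not covered by the check text: review manually
        *'$v'*|*'$Z'*) echo FINDING ;;        # version macros named in the check text
        *)             echo NOT_A_FINDING ;;
    esac
}

# Heuristic (assumption): treat a dotted number such as 8.13.8 in the
# greeting as a displayed version. Prints FINDING or NOT_A_FINDING.
check_banner() {
    if printf '%s\n' "$1" | grep -Eq '[0-9]+\.[0-9]+'; then
        echo FINDING
    else
        echo NOT_A_FINDING
    fi
}

# Constructed sample input so the script runs offline.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '#O SmtpGreetingMessage=$j old' \
        'O SmtpGreetingMessage=$j Sendmail $v/$Z; $b' > "$tmp/before.cf"
    printf '%s\n' 'O SmtpGreetingMessage= Mail Server Ready ; $b' > "$tmp/after.cf"
    echo "before.cf: $(check_greeting_cf "$tmp/before.cf")"
    echo "after.cf:  $(check_greeting_cf "$tmp/after.cf")"
    echo "banner:    $(check_banner '220 mail.example.com ESMTP Sendmail 8.13.8+Sun/8.13.8; Thu, 1 Oct 2015 10:00:00 -0400')"
    rm -rf "$tmp"
}

demo
```

A NOT_SET result means no uncommented option line was found, so the greeting in effect has to be confirmed with the telnet check.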