Configure SMTP Greeting Banner

An XCCDF Rule

Description

Edit /etc/postfix/main.cf, and add or correct the following line, substituting some other wording for the banner information if you prefer:

smtpd_banner = $myhostname ESMTP

Rationale

The default greeting banner discloses that the listening mail process is Postfix. When remote mail senders connect to the MTA on port 25, they are greeted by an initial banner as part of the SMTP dialogue. This banner is necessary, but it frequently gives away too much information, including the MTA software which is in use, and sometimes also its version number. Remote mail senders do not need this information in order to send mail, so the banner should be changed to reveal only the hostname (which is already known and may be useful) and the word ESMTP, to indicate that the modern SMTP protocol variant is supported.

ID: xccdf_org.ssgproject.content_rule_postfix_server_banner
Severity: Low
References: 1 14 15 16 3 5 6 7

APO11.04 BAI03.05 DSS05.04 DSS05.07 MEA02.01

4.3.3.3.9 4.3.3.5.8 4.3.4.4.7 4.4.2.1 4.4.2.2 4.4.2.4

SR 2.10 SR 2.11 SR 2.12 SR 2.8 SR 2.9 SR 6.2

A.12.4.1 A.12.4.2 A.12.4.3 A.12.4.4 A.12.7.1

AC-8(a) AC-8(c)

DE.CM-3 PR.PT-1
Updated: about 1 year ago