Recipe 10.12. Changing Server BannersProblemYou want to change the service connection banner displayed to new SMTP, IMAP, or POP sessions. SolutionUsing a graphical user interfaceThe following steps describe how to use MetaEdit on Windows 2000 Server to change the SMTP, IMAP, or POP banners:
The following steps describe how to use MetaBase Explorer on Windows Server 2003 to change the SMTP service banner:
Using a command line
DiscussionThe usual rationale for changing the SMTP banner is to prevent advertising the fact that your server is running Exchange; by stripping this revealing information, so the theory goes, potential attackers will not realize they have connected to an Exchange server and will not try any Exchange-specific attacks they may know about. This theory sounds great right up until the time you connect your modified server to the Internet. What really happens is that the attacker replies to the ESMTP banner with a properly formatted EHLO response; why not, since they are going to need to do so no matter which attack they wish to launch? They then see the list of extended SMTP verbs supported by the server and immediately realize they are dealing with Exchange thanks to the Exchange-specific ESMTP features. Even more commonly, they are not looking for software-specific vulnerabilities, but configuration errors that will allow them to relay messages through your server; they do not care what software you are running, only whether you have properly closed down relay access. This rationale is less applicable to the POP and IMAP services because they don't implement any significant Exchange-specific features. Because the Exchange SMTP, IMAP, and POP services extend the underlying IIS services, this recipe depends on the version of Windows on your Exchange server, not the version of Exchange. Although you cannot install Exchange 2000 on Windows Server 2003, you can run Exchange Server 2003 on Windows 2000 (see Chapter 1 for more details). By default, the SMTP banner is a string concatenated from the following elements:
For example: 220 host.fdqn.tld Microsoft ESMTP MAIL Service, Version: 6.0.3790.211 ready at Wed, 8 Dec 2004 22:52:28 -0800 When you change the banner property, Exchange will still display the SMTP result code, the FQDN, and the date/time stamp. Setting the ConnectResponse property to a value of "ESMTP This space for rent" would thus produce: 220 host.fdqn.tld ESMTP This space for rent Thu, 9 Dec 2004 00:52:01 -0800 Whatever connection string you use, be sure to include the string ESMTP in it or else you may disable Extended SMTP functionality on connections with other systems. Some SMTP implantations will not assume the presence of Extended SMTP functionality unless they see the string ESMTP in the initial banner; without it, they will not send an EHLO on the initial connection. This behavior is based on an unwritten rule that many early ESMTP implementations used, though it was never codified in any RFC. MetaEdit was originally part of the IIS 4.0 Resource Kit. The latest version, 2.2, works on both Windows NT 4.0 and Windows 2000 Server, but will not work on Windows Server 2003 due to the comprehensive changes in the metabase for IIS 6.0. Editing the metabase for IIS 6.0 is a bit easier. You can use the MetaBase Explorer utility, also part of the appropriate resource kit, or you can take advantage of the ability to directly edit the metabase in XML form. While this feature permits easier scripting capabilities, it is outside the scope of this book. Microsoft provides an example of this functionality in Chapter 6 of the Exchange Server 2003 Technical Reference Guide. See AlsoMS KB 281224 (XCON: How to Modify the SMTP Banner), MS KB 301386 (How To Install MetaEdit 2.2 on Windows NT 4.0 or Windows 2000), MS KB 555080 (Changing the SMTP Banner on a Windows 2003 Server Using Metabase Explorer), MS KB 303513 (How to modify the POP or IMAP banner), Chapter 6 "SMTP Transport Architecture" of the Exchange Server 2003 Technical Reference Guide (http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TechRef/b4938c19-f27d-4657-a55a-823a8184e690.mspx), and the IIS Metabase Property Reference (http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/ref_mb_aambref.mspx) |