In this post I will be showing you how to remove your server’s OS information from the postfix banner. While this isn’t enough to stop somebody from finding out your server OS by itself, it never hurts to make things just a tiny bit more difficult.
Checking If Your Server Displays OS Information
To check if your server is currently allowing people to see information about the OS or even postfix itself on your postfix banner, you want to telnet to your mail server. You can do so by running the command below or if you want to make life even easier then you can use this nifty web based tool.
telnet yourdomain.com 25
Removing Sensitive Information From Postfix Banner
To remove the sensitive information from your postfix banner, you will need to edit your postfix configuration file and replace the smtpd_banner line with what I have below. You can access the configuration file by running the following command.
sudo vi /etc/postfix/main.cf
Next change the smtpd_banner line to “smtpd_banner = $myhostname”. After you have done this, save and restart postfix.
sudo service postfix restart
There you go, no more version info will be displayed on your postfix banner when somebody telnets to your mail server (banner grabbing). For more information on hardening postfix, please see How To Enable TLS Encryption On Postfix.
Please don’t forget to share/comment, thanks!
