
Removing the Domain Name from the helo or ehlo command

Status
Not open for further replies.

Ctech

Programmer
Sep 27, 2000
3
US
Could anyone tell me how to remove the domain name of the machine that you are telnetted into so that it does not show up in the helo/ehlo command? For example, if I do the following

telnet 123.45.34.56 25

I get the following

220 name1.name2.name3.name4 Sendmail SMI-8.6/ .....

then if I do

helo

I get

250 name1.name2.name3.name4 Hello ......

How do I keep the "name1.name2.name3.name4" from showing up when I do the helo/ehlo? I can stop it from showing in the telnet command, but have not figured out the helo/ehlo. Your help is greatly appreciated.
 
In a nutshell, you can't, unless you hack the source code. And if you do, then you won't be able to send mail from this server to any other. Taken from RFC1123:

"The sender-SMTP MUST ensure that the <domain> parameter in a HELO command is a valid principal host domain name for the client host."

So, in other words, when a remote server says "HELO", when I reply I tell them my e-mail domain name. Stopping this from happening will prevent you from doing any mail transfers to other servers.

Andy Bold
"I've probably made most of the mistakes already, so hopefully you won't have to..." Me, most days.
 
Thanks! That's what I was afraid of!
 
Is there a way to change the domain name? Instead of being the standard name1.name2.name3.name4, can I make it name1?
 
You can change the sendmail mail domain details using various macros in sendmail.cf. (Sorry, but I can't recall the m4 macro names for these, and I don't have my copy of the bat book to hand.)

$w    Short host name, e.g. "mailserver"
$j    Long host name, e.g. "mailserver.co.uk"
$m    Sub domain name, e.g. "co.uk"
$k    Node name, e.g. "mailserver"

You can define these values in sendmail.cf using "D" commands. For example, to set the long host name:
[tt]
Dj mailserver.co.uk
[/tt]
You should find that these lines already exist. All you will need to do is amend them (keeping a copy of the original file, just in case...) When you've made the required changes, don't forget to restart sendmail.

As far as returning just "name1" instead of "name1.n2.n3.n4", this might still cause problems if you are receiving mail from or sending it to a remote host. The remote host will try to look up "name1". The problem it will have is, which domain is that in? It will default to its local domain, probably not find it, and bounce your mail back.

HTH.

Andy Bold
"I've probably made most of the mistakes already, so hopefully you won't have to..." Me, most days.
 
Ok, one last question hopefully...

The real question is not to change the domain name, but to alter what is displayed. Picture this. When someone hits port 25, the sendmail greeting displays a blurb of text. That is easily changeable in the sendmail.cf file. If the person uses the HELO command, they get more information (e.g. domain name). If they use the EHLO command, they not only get the domain name, but info on what ESMTP services are available. We're not looking to change the domain name, just not display it. We're not looking for a way to disable the ESMTP services, just not tell the world that they are available.

Charles P.
 
The problem with doing that is that remote mail servers will also not be able to tell what your local mail server is capable of doing. The HELO and EHLO commands are supposed to return this information. What you've got to remember is that sendmail, or any other kind of network service server (e.g., ftp), doesn't know whether it is a human or another computer that is connecting to its port.

So, you can either set sendmail up to send this information to every connection to port 25, or to not send it at all.

Personally, I don't think you should have any security concerns whatsoever about this information being available. All it is telling anyone is the features that are available. Trust me, even if you don't advertise the fact that the features are there, if there is the possibility that one of the features may offer a cracker a way into your system, they'll try it anyway.

Security through obscurity doesn't work. Leave the HELO and EHLO commands as they are, and accept the fact that people may try to crack your system. Put procedures in place that will alert you to the fact a crack attempt is taking place, and have procedures detailing what you will do in such a situation.

(BTW, if someone has connected to your server to try this, they will already know your server domain name, its IP address, any DNS aliases that are defined for it, and the names of any email domains it serves. All of this information is available by running a few "nslookup" commands.)

Hope this helps in some way.

Andy Bold
"I've probably made most of the mistakes already, so hopefully you won't have to..." Me, most days.
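
Added example, not part of the thread and not code from any poster: a small Python audit that parses a 220 greeting and a multi-line EHLO reply, lists what the server announces to every client (name, banner text, ESMTP extensions), and flags an unqualified name such as "name1". The sample session is constructed, and the function names are this example's own.

```python
import re

# Constructed sample session (not captured from a real server): a 220 greeting
# followed by a multi-line EHLO reply of the kind discussed in the thread.
SAMPLE = """\
220 name1.name2.name3.name4 ESMTP Sendmail ready
250-name1.name2.name3.name4 Hello client.example [192.0.2.10]
250-EXPN
250-8BITMIME
250 HELP
"""

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")

def parse_replies(text):
    """Group reply lines into (code, [texts]); 'NNN-' continues, 'NNN ' ends."""
    replies, current = [], []
    for raw in text.splitlines():
        m = REPLY_LINE.match(raw)
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        code, sep, rest = m.groups()
        current.append(rest)
        if sep == " ":
            replies.append((int(code), current))
            current = []
    return replies

def is_fqdn(name):
    """True if the name has at least two syntactically valid DNS labels."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(
        len(l) <= 63 and LABEL.match(l) is not None for l in labels)

def audit(text):
    """Summarise what the greeting and EHLO reply announce to any client."""
    replies = parse_replies(text)
    greeting = next(lines for code, lines in replies if code == 220)
    ehlo = next(lines for code, lines in replies if code == 250)
    name = ehlo[0].split()[0]
    return {
        "announced_name": name,
        "name_is_fqdn": is_fqdn(name),
        "banner_text": " ".join(greeting[0].split()[1:]),
        "extensions": [l.split()[0].upper() for l in ehlo[1:] if l.strip()],
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```
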
 