Postfix Banner Faking

Change postfix welcome banner, this howto can tricky the attacker to attack your postfix.

Current banner : 220 mail.suhatman.com ESMTP Postfix

Wanted banner: 220 Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Tue, 18 Mar 2003 18:35:40 +0100

Okay next this step.

Open postfix’s main.cf (configuration file) and search for “smtpd_banner”. Change the banner to whatever you want.

The problem: Microsoft’s ESMTP sends a date back, Postfix can’t. However, the file

/src/global/mail_date.c returns a time in this form: “Mon, 9 Dec 1996 05:38:26 -0500 (EST)”.

So, if you really want to pretend to be Microsoft’s ESMTP do the following: Before compiling, open /src/smtpd/smtpd.c and search for the line

“smtpd_chat_reply(state, “220 %s”, var_smtpd_banner);”

and change it :
smtpd_chat_reply(state, “220 %s ready at %s”, var_smtpd_banner, mail_date(time((time_t *) 0));Now recompile, edit the main.cf to say ” Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329″ and you’re done.

And this result

[root@provoke henry]# telnet mx2.suhatman.com 25
Trying 202.152.1.154…
Connected to mx2.suhatman.com (202.152.1.154).
Escape character is ‘^]’.
220 Microsoft ESMTP MAIL Service ready at Thu, 21 Jun 2007 08:35:42 +0700 (BBWI)
Now you can tricky the attaker ^^

Move to henry.suhatman.com/blog »« Konfigurasi DNS Server Untuk Intranet dan Internet dengan Bind