I’ve been digging into my email server configuration lately, and I’ve noticed that the Exim version is visible in the headers of outgoing email messages. I’m concerned about this from a security perspective and I’d like to find out how to hide or obfuscate the Exim version to enhance the server’s security posture.
I’ve already checked and adjusted the smtp_banner and smtp_active_hostname settings in my Exim configuration, but the version information still seems to be leaking. I’m wondering if there are any additional steps or configurations I might have overlooked.
Has anyone here encountered a similar issue or successfully hidden the Exim version in outgoing email headers? If so, could you please share your insights or any tips on how to achieve this?
I added it and it didn’t change anything, you can still see:
Received: from localhost ([127.0.0.1] helo=) by hestia with esmtpa (Exim 4.95) (envelope-from <zapasowa@>) id 1rl6eU -00Ddji-91 for @gmail.com; Fri, 15 Mar 2024 13:27:10 +0100
I added this (test) + systemctl restart exim4:
received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver{ ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}(Here the text you want to appear instead ox Exim and the version)\n\t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if def:received_for {\n\tfor $received_for}}
I checked the wrong server.