Remove versioning information from public visibility
Problem reported by J. LaDow - 1/30/2026 at 8:07 AM
Submitted
In our configuration, we have altered all our service banners to remove "SmarterMail" from the connection announcement.

The one place we cannot do this is in the webmail interface source code.

We request that the versioning information that is embedded in the webmail interface code be removed. Keeping the copyright in place is not an issue - but make sure it reads "SmarterTools". Revealing that the application is SmarterMail with an actual build number leaves the webmail interfaces susceptible to "internet device databases" like Shodan - where you can literally search for SmarterMail installations and see over 40k of them because of the webmail or service banners. 

The outside world doesn't need to know what you're running - only you as the host need that information.
MailEnable survivor / convert --
Robert Biou Replied
I agree. It's crucial to remove any reference to the version, including product information and any other data that would allow an attacker to identify the product.
Gabriele Maoret - SERSIS Replied
IMHO, this would be pointless.
"Security by obscurity" has never worked.

Real hackers don't even check the software version; they simply set up a bot that scans the internet for software and, when it finds the one they want (SmarterMail, in this case...), tries to hack it (and does so automatically, without checking the version).
If they hack it, they get in.

Otherwise, they don't.
Gabriele Maoret - Head of SysAdmins and CISO at SERSIS. Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS, which provides services to a few hundred third-party email domains, plus 5 on-premise for customers who prefer to have their mail server in-house).
J. LaDow Replied
I'm talking about not even showing up as SmarterMail in the source code. Our service banners nowhere say SmarterMail - we don't show up in Shodan other than the web interface - and if that information was removed from behind the scenes of the web interface, we wouldn't show up at all. It's a 5-minute code change and doesn't affect operations.

And you're right, Gabriele - but this isn't as much about "obscurity" as it is to prevent the very automation you're talking about - by not showing up in scriptable search engines identifying exactly what I'm running. That's none of the outside world's business.


MailEnable survivor / convert --
CLEBER SAAD Replied
Also block the api/v1/licensing/about API call. It's public.
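
Added example, not part of any post in this thread and not SmarterTools code: a small Python audit that a host could run over responses captured from their own server to confirm which of the surfaces named above (service banners, webmail page source, the `api/v1/licensing/about` call) still disclose the product name or a version string. The sample responses, the version regex and the function name `audit_surfaces` are assumptions; the thread does not show the real HTML or API output.

```python
import re

# Product names the thread wants hidden. "SmarterTools" in a copyright line is
# acceptable per the original request, so it is deliberately not listed here.
PRODUCT_NAMES = ("SmarterMail",)

# Heuristic for version/build strings (assumption: the real format may differ).
VERSION_RE = re.compile(
    r"\b(?:build|version|ver)\b\W{0,3}\d[\d.]*|\b\d+\.\d+\.\d+\b", re.I
)


def audit_surfaces(surfaces):
    """Return {surface: {"product": [...], "version": [...]}} for leaking surfaces only."""
    findings = {}
    for name, text in surfaces.items():
        products = [p for p in PRODUCT_NAMES if p.lower() in text.lower()]
        versions = VERSION_RE.findall(text)
        if products or versions:
            findings[name] = {"product": products, "version": versions}
    return findings


# Constructed samples for illustration, not real product output.
SAMPLE = {
    "smtp_banner": "220 mail.example.test ESMTP ready",
    "webmail_html": (
        '<html><head><meta name="generator" content="SmarterMail Build 1234">'
        "</head><body>&copy; SmarterTools</body></html>"
    ),
    "GET /api/v1/licensing/about": '{"product": "SmarterMail", "version": "1.2.3456"}',
}

if __name__ == "__main__":
    for surface, hit in audit_surfaces(SAMPLE).items():
        print(f"{surface}: product={hit['product']} version={hit['version']}")
```

Feed it text saved from your own server (banner output, the webmail login page source, the body returned by the licensing call) and re-run it after each banner or proxy change.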
