Back to Community Threads
Remove versioning information from public visibility
Problem reported by J. LaDow - Today at 7:07 AM
Submitted
J
In our configuration, we have altered all our service banners to remove "SmarterMail" from the connection announcement.

The one place we cannot do this is in the webmail interface source code.

We request that the versioning information that is embedded in the webmail interface code be removed. Keeping the copyright in place is not an issue - but make sure it reads "SmarterTools". Revealing that the application is SmarterMail with an actual build number leaves the webmail interfaces susceptible to "internet device databases" like Shodan - where you can literally search for SmarterMail installations and see over 40k of them because of the webmail or service banners. 

The outside world doesn't need to know what you're running - only you as the host need that information.
MailEnable survivor / convert --
R
Robert Biou Replied
Today at 7:41 AM
I agree. It's crucial to remove any reference to the version, including product information and any other data that would allow an attacker to identify the product.
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
TLS 1.0/1.1 Deprecation InformationGeneral Topics
Key Feature and Version Milestones in SmarterMailSmarterMail
Sync SmarterMail with the iPhone Using CardDAV and CalDAVSmarterMail > Desktop and Mobile Synchronization
SmarterTrack/WHMCS Addon ModuleUtilities and Conversion Tools
Email Clients and SmarterMail Language SettingsSmarterMail > Desktop and Mobile Synchronization