Removing Banner Information from SMTP Server?
  •  
hh371

Does anyone know if there is a way to hide or remove the information that is displayed on the Kerio Mail SMTP server?

For example, if you telnet to port 25 on a server running Kerio MailServer you will see too much information from a security perspective. It tells you that Kerio MailServer is running, along with the version. This information can then be used to find exploits, if they exist.

Our security auditors are asking us to remove this type of banner information from all of our mail servers, FTP servers, etc.

Any help would be greatly appreciated.
  •  
sidbarker

Go to the Advanced Options, Miscellaneous tab - on there uncheck "Show Program name and version in network communication"
  •  
hh371

Thanks. Found it. But it only removes the banner information from the SMTP server.

So...

1. How do you remove the webmail server banner?
2. Does anyone know what type of webserver Kerio webmail runs? It looks like it might be Tomcat.

3. Is there a webserver config file that can be modified? Where is it located?

4. The webserver will allow SSLv2 connections, which are insecure. Can this be disabled as well?

Thanks.

[Updated on: Mon, 23 August 2004 20:30]

  •  
sidbarker

The webmail system is integrated into KMS, and is very UN-configurable! You can change the Logo saying "Kerio", and nothing else.
The logo is called logo.jpg somewhere in the Kerio folder (I forget where, but easy to find).

As for which connection types you can get, you can have plain HTTP or HTTPS - each can be turned off in the Services section. The only security options are in Advanced Options, Security Policy tab. I'm not 100% sure what they are for, whether that is to do with the HTTPS stuff, or is for other authentication (such as SMTP connections to KMS).
  •  
archer

If you installed kerio in the default directory, the logo is located in...
C:\Program Files\Kerio|Mailserver\Webmail\Defualt\gfx

the logo name is "logo_kms.gif"

You can design your own logo which is the same size and replace the original with it.
  •  
hinnerup

The logo is customizable through "Configuration/Advanced Options/Webmail logo/Select...".

/Tobias
  •  
archer

I was referring to the logo on the log on screen. It is not changed by the configuration settings. It will still state "Kerio Mail Server 6" after changing the logo in the configuration.
  •  
Crouze

Hi all,

archer wrote on Mon, 23 August 2004 23:18

If you installed kerio in the default directory, the logo is located in...
C:\Program Files\Kerio|Mailserver\Webmail\Defualt\gfx

the logo name is "logo_kms.gif"

You can design your own logo which is the same size and replace the original with it.


Needn't necessarily be the same size, if you alter the login.css file in the Default folder accordingly. I changed it to show a slightly larger logo and also changed the colors, works fine!

Cheers,
Marco

  •  
Richyrich

This is contained in the login.php file which is source coded and not configurable. It's written using PHP scripting from zend.com. The login.php file is compiled; to alter its look you would need to rewrite the source and recompile. That is, if you knew what the source code was.

cheers
  •  
hh371

I think you guys are missing my point about the server banner. I'm talking about the web server banner NOT the logo/picture in your web browser.

For example, if you telnet to port 80/443 and do a....

HEAD / HTTP/1.0

...the version of the webserver will be displayed. This information is typically used by "bad" people when attempting to exploit your system.

As for SSL... I know how to turn SSL on and off using the Admin console. I'm looking to disable the webserver from allowing the use of version 2 of the SSL protocol, and other weak encryption ciphers. SSLv2 is known to be flawed and is not an acceptable method of securing communications (Downgrade and Truncation attacks are possible). SSLv3/TLS is preferred.

I realize that the webserver is very unconfigurable from the Admin Console, but there has to be something similar to a httpd.conf file where you can make advanced configuration options.

Anyone know?
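
An added example (not part of the thread and not Kerio code): a check an administrator could run against their own server to confirm that the two banners discussed above, the SMTP 220 greeting and the HTTP `Server` header returned to `HEAD / HTTP/1.0`, no longer carry a product name and version. The sample responses and the names `ExampleMTA`, `ExampleHTTPd` and `mail.example.test` are constructed placeholders, and the version pattern is a heuristic assumed for this example.

```python
import re
import socket

# Heuristic assumed for this example: a product-like token followed by a
# dotted version number, e.g. "ExampleMTA 6.0.1" or "ExampleHTTPd/2.0.52".
VERSION_RE = re.compile(r"([A-Za-z][\w-]*)[ /]v?(\d+(?:\.\d+)+)")

# Constructed sample responses (placeholder product names, not real banners).
SMTP_VERBOSE = "220 mail.example.test ExampleMTA 6.0.1 ESMTP ready\r\n"
SMTP_QUIET = "220 mail.example.test ESMTP\r\n"
HTTP_VERBOSE = ("HTTP/1.0 200 OK\r\nDate: Mon, 23 Aug 2004 20:30:00 GMT\r\n"
                "Server: ExampleHTTPd/2.0.52 (Unix)\r\n\r\n")

def smtp_disclosure(greeting):
    """Return (product, version) found in an SMTP 220 greeting, else None."""
    parts = [l[4:] for l in greeting.splitlines() if l.startswith("220")]
    text = " ".join(parts)
    # The first word after the reply code is the server's host name; skip it
    # so digits in the host name are not mistaken for a version.
    rest = text.split(" ", 1)[1] if " " in text else ""
    m = VERSION_RE.search(rest)
    return (m.group(1), m.group(2)) if m else None

def http_disclosure(raw_head):
    """Return (product, version) found in the Server header, else None."""
    for line in raw_head.splitlines()[1:]:      # [0] is the status line
        if not line:                            # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            m = VERSION_RE.search(value)
            return (m.group(1), m.group(2)) if m else None
    return None

def grab(host, port, send=b"", timeout=5):
    """Return the first bytes a service on your own server sends back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if send:
            s.sendall(send)
        return s.recv(4096).decode("latin-1")

if __name__ == "__main__":
    import sys
    host = sys.argv[1]                          # your own mail server
    print("smtp:", smtp_disclosure(grab(host, 25)))
    print("http:", http_disclosure(grab(host, 80, b"HEAD / HTTP/1.0\r\n\r\n")))
```

A result of `None` for both services means the pattern found no product and version in that banner; a tuple names what is still being disclosed.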