mox/smtpserver
Mechiel Lukkien 68729fa5a3
in smtp banner and imap ID command response when unauthenticated, don't send the mox version number
Attackers scanning the internet can use it to easily create a database of
hosts, software and versions. Let's not make it too easy to find old versions
that may be vulnerable to potential bugs found in the future. We could try
hiding the name "mox" as well, but the banner will still be identifiable, so
there isn't much point, and the public knowing approximately which software is
running can be useful for debugging.

The ID command in IMAP is used by clients to announce their software and
version. We only respond with our version when the user is authenticated.

There are still ways to discover the version number. But they don't involve
standard banner scanning, so someone would have to specifically target mox. We
could tighten that in the future.

For issue #322, based on email. Thanks everyone for discussing.
2025-03-28 17:50:40 +01:00