As in many other protocols, POP3 also starts with a server banner. This banner contains the protocol version the server uses, the possible protocol extensions that it supports and, in many situations, the vendor and exact version number of the POP3 server.
This information is useful only if the clients connecting to the POP3 server can be trusted, as it might make bug hunting somewhat easier. On the other hand, this information is also useful for attackers when targeting this service.
To prevent this, the banner can be replaced with a neutral one.
Use the request hash with the 'GREETING' keyword as shown in the following example.
| Example 4.19. Rewriting the banner in POP3 |
|---|
class NeutralPop3(Pop3Proxy):
def config(self):
Pop3Proxy.config(self)
self.request["GREETING"] = (POP3_REQ_POLICY, None, self.rewriteBanner)
def rewriteBanner(self, response)
self.response_param = "Pop3 server ready"
return POP3_RSP_ACCEPT |
| Note |
|---|
Some protocol extensions (most notably APOP) use random characters in the greeting message as salt in the authentication process, so changing the banner when APOP is used effectively prevents APOP from working properly. |
Published on March 04, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu
