A customer who also uses Domino asked me today how he could hide the Domino version 'leaking' in the MIME information, as I do. In this short howto I will explain how to do that, and why I think this should be done on every Domino server that sends email to the Internet.
The information in X-MIMETrack (see the example below) makes sense when the email is only sent internally. The administrator can use it to troubleshoot the system if needed. From a security point of view, however, an external person could also use it to collect information about your environment (e.g. to attack your system!).
X-MIMETrack: Serialize by Router on domino01/srv/ACME(Release 8.5.1FP1 HF127|March 05, 2010) at 22.03.2011 08:01:08,
Itemize by SMTP Server on domino02/srv/ACME(Release 8.5.2FP1|November 29, 2010) at 03/22/2011 08:01:14 AM,
Serialize by Router on domino02/srv/ACME(Release 8.5.2FP1|November 29, 2010) at 03/22/2011 08:01:15 AM
X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007
In the case above, the person knows that:
- you run Lotus Domino
- you use Domino 8.5.2 FP1
- you have at least two Domino servers
- your organisation (=O) is called ACME
- you have your own org unit (=OU) for your servers, called srv
- the sender uses Lotus Notes 6.5.6
So the person got 6 pieces of information which can be used to attack you... shocked? ;-)
The information above can easily be removed. All you need to do is remove $MIMETrack and $Mailer from outgoing emails (you could also remove the Received info if you like). This forces the outbound Domino server not to include any information about serialization and itemization when the mail leaves Domino. To do that, follow these steps:
- Open the Mail Configuration document.
- Select the MIME tab.
- Select the Advanced tab.
- Select the Advanced outbound mail options tab.
- Fill in the field "Notes Fields to be removed from header" and enter the fields (press carriage return between each one):
- Save and close the configuration document.
- Replicate the changes to the outbound SMTP server if necessary.
- On the SMTP server, enter the command "tell router update config" for the change to take effect (or restart the Domino service).
Please note that this action only removes the information contained in these fields at the point where the mail leaves the Domino SMTP server! Once the message gets to the relay host or next hop (i.e. your ISP or a Postfix server), that host will record Received information about the previous server, which is your outbound Domino SMTP server. This is mandatory and cannot be hidden.
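To confirm the change on a real outbound message, the headers can be checked mechanically. The following Python script is an added example, not part of the original howto: the function names and both sample messages (including the example.invalid host names) are constructed for illustration.

```python
import re
from email import message_from_string

# One X-MIMETrack hop: "<action> by <task> on <server>(Release <version>|<date>)"
HOP = re.compile(r"(Serialize|Itemize) by (.+?) on ([^()]+?)\s*\(Release ([^|)]+)")

def audit_headers(raw_message):
    """Report what a raw message discloses via X-MIMETrack and X-Mailer."""
    msg = message_from_string(raw_message)
    report = {"servers": {}, "mailer": None, "received_hops": 0}
    for value in msg.get_all("X-MIMETrack", []):
        flat = " ".join(value.split())  # undo header folding
        for _action, _task, server, release in HOP.findall(flat):
            report["servers"][server.strip()] = release.strip()
    mailer = msg.get("X-Mailer")
    if mailer is not None:
        report["mailer"] = mailer.strip()
    # Received lines are added by every hop and stay even after the cleanup.
    report["received_hops"] = len(msg.get_all("Received", []))
    return report

def is_clean(report):
    """True when neither Domino server details nor the mail client leak."""
    return not report["servers"] and report["mailer"] is None

RECEIVED = ("Received: from domino02.example.invalid by relay.example.invalid;"
            " Tue, 22 Mar 2011 08:01:16 +0100\n")

# Constructed sample: the headers from the example above, before the change.
SAMPLE_BEFORE = RECEIVED + (
    "X-MIMETrack: Serialize by Router on domino01/srv/ACME(Release 8.5.1FP1 HF127|March 05, 2010) at 22.03.2011 08:01:08,\n"
    " Itemize by SMTP Server on domino02/srv/ACME(Release 8.5.2FP1|November 29, 2010) at 03/22/2011 08:01:14 AM,\n"
    " Serialize by Router on domino02/srv/ACME(Release 8.5.2FP1|November 29, 2010) at 03/22/2011 08:01:15 AM\n"
    "X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007\n"
    "Subject: test\n\nbody\n"
)
# Constructed sample: the same mail once $MIMETrack and $Mailer are removed.
SAMPLE_AFTER = RECEIVED + "Subject: test\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        report = audit_headers(raw)
        print(name, "clean" if is_clean(report) else "LEAKING", report)
```

Feed it the raw source of a test mail received at an external mailbox; the Received count stays above zero even on a clean message, as described above.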