Ability to put dovecot version in received header
I know that some time ago there was a discussion and this is conscious decision to remove dovecot version from headers during lmtp delievery. But is it possible to restore it as an option?
On 17/03/2021 11:19 Kamil Jońca <kjonca@op.pl> wrote:
I know that some time ago there was a discussion and this is conscious decision to remove dovecot version from headers during lmtp delievery. But is it possible to restore it as an option?
It would be easier to consider this is you'd tell why?
Aki
Aki Tuomi <aki.tuomi@open-xchange.com> writes:
On 17/03/2021 11:19 Kamil Jońca <kjonca@op.pl> wrote:
I know that some time ago there was a discussion and this is conscious decision to remove dovecot version from headers during lmtp delievery. But is it possible to restore it as an option?
It would be easier to consider this is you'd tell why?
other programs (Postfix,exim,fetchmmail,opensmtp, sendmail) - do this, at least program name.
sometimes I would to know when new version really started to deliver messages.
I understand privacy and security (by obscurity) concerns, so I do not insist it should be fixed string, but rather option. KJ
On Wed, Mar 17, 2021 at 01:50:26PM +0100, Kamil Jońca wrote:
other programs (Postfix,exim,fetchmmail,opensmtp, sendmail) - do this, at least program name.
sometimes I would to know when new version really started to deliver messages.
I understand privacy and security (by obscurity) concerns, so I do not insist it should be fixed string, but rather option.
Even if no program name is put in the comments inside the Received: header, it could be inferred from the format of header elements as each program has its own style; also the major version or a range or versions can be sometimes inferred as the format changes sometimes, so there's not much privacy regarding one's choice of mail software. Specific version logged could be used to target specific vulnerabilities
- but nothing prevents an attacker from trying all known vulnerabilities. So not much security, either. It is more of a mail headers reading geeks' curiosity interest than anything else.
(I guess it got removed on the wave of logged data minimization, with little further thought.)
A configurable option to include given text in a commment could be sometimes useful to tag messages, but I can imagine it would be a very low priority feature request. If you really need something like that you could add a filter to your system which would add some custom header with whatever info you want.
-- Piotr "Malgond" Auksztulewicz firstname@lastname.net
participants (3)
-
Aki Tuomi
-
Kamil Jońca
-
Piotr Auksztulewicz