{"description": "Edit <tt>/etc/postfix/main.cf</tt>, and add or correct the\nfollowing line, substituting some other wording for the banner information if\nyou prefer:\n<pre>smtpd_banner = $myhostname ESMTP</pre>", "rationale": "The default greeting banner discloses that the listening mail\nprocess is Postfix.  When remote mail senders connect to the MTA on port 25,\nthey are greeted by an initial banner as part of the SMTP dialogue. This banner\nis necessary, but it frequently gives away too much information, including the\nMTA software which is in use, and sometimes also its version number. Remote\nmail senders do not need this information in order to send mail, so the banner\nshould be changed to reveal only the hostname (which is already known and may\nbe useful) and the word ESMTP, to indicate that the modern SMTP protocol\nvariant is supported.", "severity": "low", "references": {"cis-csc": ["1", "14", "15", "16", "3", "5", "6", "7"], "cobit5": ["APO11.04", "BAI03.05", "DSS05.04", "DSS05.07", "MEA02.01"], "isa-62443-2009": ["4.3.3.3.9", "4.3.3.5.8", "4.3.4.4.7", "4.4.2.1", "4.4.2.2", "4.4.2.4"], "isa-62443-2013": ["SR 2.10", "SR 2.11", "SR 2.12", "SR 2.8", "SR 2.9", "SR 6.2"], "iso27001-2013": ["A.12.4.1", "A.12.4.2", "A.12.4.3", "A.12.4.4", "A.12.7.1"], "nist": ["AC-8(a)", "AC-8(c)"], "nist-csf": ["DE.CM-3", "PR.PT-1"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[postfix]", "system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel", "package_postfix"], "bash_conditional": null, "fixes": {}, "title": "Configure SMTP Greeting Banner", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml", "template": null}