How to stop OS/daemon information leakage in dovecot (server_tokens)?

Michael Altfield

10/10/22, 5:02 PM

How do I stop dovecot from telling its clients what flavour of linux I'm running and that it's a dovecot imap server?

If I connect to my smtp server, I see the following snippet

user@host:~$ openssl s_client -crlf -connect mail.example.com:993
CONNECTED(00000003)
...
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Debian) ready.
...
user@host:~$

Much to my dismay, the above output clearly indicates that I'm running a Debian server and that I'm using dovecot as my IMAP server.

In nginx, you can set server_tokens off to disable such information leakage.

In apache, it's

ServerTokens Prod
ServerSignature Off

What's the equivalent setting to tell dovecot not to leak the OS or imap server I'm running to clients?

1 + 3

email-server

nginx

imap

dovecot

apache2

anx

10/10/22, 5:10 PM

What would the desired end result look like? Deviating from the defaults is just *adding* more information..

anx

10/10/22, 5:12 PM

Does this answer your question? [How do I change dovecot's imap and pop 'banner'?](https://serverfault.com/questions/1046848/how-do-i-change-dovecots-imap-and-pop-banner)

Michael Hampton

10/10/22, 5:19 PM

Be aware that doing this does not increase security in any meaningful way.

Score:0

Server

Michael Altfield

10/10/22, 5:16 PM

You can achieve this by setting the login_greeting option in dovecot.conf to the empty string

Add the following to your dovecot.conf file:

login_greeting = ''

Restart dovecot. Now connection attempts should look like this:

user@host:~$ openssl s_client -crlf -connect mail.example.com:993
CONNECTED(00000003)
...
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN]

...
user@host:~$

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to stop OS/daemon information leakage in dovecot (server_tokens)?

TH: จะหยุดการรั่วไหลของข้อมูล OS/daemon ใน dovecot (server_tokens) ได้อย่างไร

RO: Cum să opriți scurgerea de informații despre OS/daemon în dovecot (server_tokens)?

RU: Как остановить утечку информации об ОС/демоне в dovecot (server_tokens)?

VI: Làm cách nào để ngăn chặn rò rỉ thông tin OS/daemon trong dovecot (server_tokens)?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.