Everyone knows the 25 (SMTP), 110 (POP), 143 (IMAP) port of Telnet, you can see the version information of the corresponding SMTP, POP, IMAP, basically guess through this version of information. What kind of mail server is used is used. Exchange Server's server is the same. The recent security issues of Microsoft products are constantly, as one of the important business systems of most enterprises, the Exchange Server, which should be received by the system administrator, and timely, the latest patch is required. And for the case where you have any use of unpublished vulnerabilities, you will don't know what it is, and you can modify the SMTP, POP, IMAP Banner information, let your Exchnage Server are not recognized. ? First, let's take a look at the situation before modification: 1. Enter "Telnet 127.0.0.1 25" in the command line mode of Windows 2000 Server, then enter, as shown below. 2. You will get a typical Windows 2000/2003 SMTP service's SMTP service's SMTP service, you will get similar version information, as shown in Figure 220 computer name.domain name.com Microsoft Esmtp Mail Service, Version: Version Number Ready At Date Time 0000 Second, modify the version information of the relevant service 1. Install the metabological editing tool, please download Microsoft's metabase editing tool Metabase Editor 2.2 and install the server where the Exchange Server is located.
http://download.microsoft.com/download/iis50/UTILITY/5.0/NT45/EN-US/MTAEDT22.EXE
2. Open Metabase Editor 2.2, click on the "LM" item, will see these three services we want to modify, respectively: IMAP4SVC, POP3SVC, SMTPSVC, as shown in Figure 3. Modify the version of the SMTP service Banner Information A. Click SMTPSVC item, find the virtual server number of SMTP, default is "1" b. Click Right-click, select "New" -> string type, as shown below, in the pop-up dialog, select after ID Type "Other", the value is "36907" (decimal) d. Enter the content you want to display in the bottom "DATA" value, such as "5D mailserver" e. Point "ok", as shown below 4. Modify the version of the POP service Banner information: a. Click the POP3SVC item, find the virtual server number of POP3, default "1" b. Click Right click, select "New" -> string (string) type C. In the pop-up dialog box, select the type "Other" after the ID, the value is "41661" (decimal) d. Enter the content you want to display in the lower "DATA" value, such as "5Dmail. Net "e. Point" OK "determination, as shown below, repeat the operation of the above BE," String "string value" 41662 "is created, as shown below. 5. Modify version of the version of the IMAP4 service: a. Click the IMAP4SVC item, find the virtual server number of the IMAP4, default is "1" b. Click Right-click, select "New" -> string (String) Type C. In the pop-up dialog box, select the type "Other" after the id, the value is "49884" (decimal) d. Enter the content you want to display in the bottom "DATA" value, such as "5Dmail. Net "e. Point" OK "determination, as shown below, repeat the operation of the above BE, create a" string "string value" 49885 ", as shown below. 6. After confirming that the above operation is correct, turn on Exchange Server ESM to stop the above three services. Then restart these services. Or enter the following command to stop and restart the service in the command line mode. Net Stop SMTPSVCNET Start SMTPSVCNET Stop Pop3SVCNET Start Pop3SVCNET Stop4SVCNET Start IMAP4SVC 3. Check the modification, you can return to the command line mode into "Telnet 127.0.0.1 25", then enter, check whether to modify success. The following is my checkout: IV. Post: 1. Improve the information of POP and IMAP, need to perform two steps, modify the information when "Connect" and "Disable" service. 2. Still displaying a fully qualified domain name (FQDN) and date and time 3. For security, please use "Metabase" -> "Backup / Restore" before making new operations. 4. If you want to cancel this modification, use the "Metabase" -> "Backup / Restore" to restore the database, or against the steps above. 5. It is recommended to disable unwanted services, such as IMAP4 to enhance security.
