How to change the POP3 / IMAP4 and SMTP banner in Exchange 2003

In this article I will show you how to change the banner for the POP3/IMAP4 and SMTP service in Exchange 2003. Changing the banner for these Exchange services enhances the security if an attacker and illegitimate users don't know, on the first try, which server is communicating with them. Please keep in mind that this is only one of several methods of securing the Exchange environment.
Marc Grote photo


Get your copy of the German language "Microsoft ISA Server 2004 - Das Handbuch"

First of all let us discuss the necessity of modifying the SMTP/IMAP4 and POP3 banners. What do you see if you connect via Telnet to your Exchange Server for SMTP/IMAP4 and POP3? You will see the Version number of Exchange, the installed Windows Version and the Service Pack version. This information is great for an intruder or hacker that now knows the Windows and Exchange Version and the possible weaknesses of these products. An intruder can now use this information to use some exploits to gain access to the system.

First I will show you what you will see when you try to Telnet your Exchange Server for POP3/IMAP4 and SMTP without modifying the banner. If you don't know how to connect via Telnet to Exchange, read my article about Telnet and Exchange 2003.

The SMTP Message will look like this. Nice: The Server is using Windows 2003 (3790) and Service Pack 1 (1830).


Figure 1: SMTP before Banner modifying

Now we can use the script ADSUTIL.VBS to modify the SMTP banner. You can find ADSUTIL.VBS in the Inetpub\AdminScripts directory on the IIS Server (Exchange Server). Execute the script as follow:

CSCRIPT ADSUTIL.VBS set smtpsvc/x/connectresponse "Text that the SMTP service should display"

The x stands for the number of the Virtual SMTP server. After changing the Banner, stop and start the SMTP service by using the Services console or by issuing the NET STOP SMTPSVC and NET START SMTPSVC command.


Figure 2: Executing ADSUTIL.VBS

Now it is time to connect via Telnet after Banner modifying and you will see the following connection response.


Figure 3: SMTP after Banner modifying

Is this enough? If not, it is possible to fake the connection response after 220 – with a name that you want. You can change the connection response by using the Exchange System Manager in the delivery properties of the Exchange Virtual SMTP Server like in the following picture.


Figure 4: Changing the connection response

If you want to disable some SMTP verbs, read the following article.

Now let's go Telnet the Exchange 2003 POP server. Open a command prompt and enter TELNET ExchangeServerName 110 and press Enter and you will see a picture like the following.


Figure 5: POP3 Banner before modifying

As you can see, we are using Exchange 2003 (6.5) with Service Pack 2 (7623.0).

Please note:
For security purposes the Microsoft POP3 service is disabled by default after Exchange 2003 installation.

You can change these settings by using a tool called SMTPMD which is not available for download. You must open a request to Microsoft PSS to get this handy tool.

One other way is to use the IIS Metabase Explore. The IIS Metabase Explorer is part of the IIS6 Resource Kit which you can download here. After installing the IIS Resource Kit, open the IIS Metabase Explorer and navigate to the POP3SVC key and then to 1 (usually) and create a new Record with the settings shown in the following picture.


Figure 6: Use IIS Metabase Explorer to create a new POP3 String

Please note:
In Exchange 2000, this modification is applied to all the virtual servers on the Exchange server but in Exchange Server 2003, the modification is applied only to the virtual server that you modify (for example 1 for the first Virtual Server) If a banner is deleted from any one of the Virtual Server, the Virtual Server will use the default banner.

Insert any value that you want.


Figure 7: Enter A POP3 connection response string

Now Telnet again to the POP3 service and you will see a connection response like that.


Figure 8: Telnet to POP3 after Banner modifying

As a last step let us connect via Telnet to the Exchange 2003 IMAP4 service and you will see the following connection response.


Figure 9: Telnet to IMAP4 before Banner modifying

Please note:
For security purposes the Microsoft IMAP4 service is disabled by default after Exchange 2003 installation.

For IMAP4 banner modifying we will use the IIS Metabase Explorer for a second time. Navigate to the IMAP4 key and than 1 (usually) and create a new record with the details from the following picture.


Figure 10: Use IIS Metabase Explorer to create a new IMAP4 String

Please note:
In Exchange 2000, this modification is applied to all the virtual servers on the Exchange server but in Exchange Server 2003, the modification is applied only to the virtual server that you modify (for example 1 for the first Virtual Server) If a banner is deleted from any of the Virtual Servers, the Virtual Server will use the default banner.

Insert any value that you want.


Figure 11: Enter A IMAP4 connection response string

Now Telnet again to the IMAP4 service and you will see a connection response like the below.


Figure 12: Telnet to IMAP4 service after Banner modifying

Conclusion

In this article I have shown you how to change the banner for the POP3/IMAP4 and SMTP service in Exchange 2003. Changing the banner for these Exchange services enhance the security a little bit if an attacker or illegitimate user doesn't know on first try which server is communicating with them.

Related Links

How to modify the POP or IMAP banner
http://support.microsoft.com/kb/303513/en-us

How to change the default connection response that you receive after you connect to the SMTP port in Exchange 2003
http://support.microsoft.com/kb/836564/en-us

XCON: How to Modify the SMTP Banner
http://support.microsoft.com/kb/281224/en-us

IIS6 Resource Kit
http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en

About Marc Grote

Marc Grote photo Marc Grote is an MCSA/MCSE Messaging & Security, an MCTS/MCITP and a Microsoft Certified Trainer and MCLC. He is a freelance IT Trainer and Consultant in the north of Germany near Hanover. He works with Invenate GmbH on special projects. You can find more information about Invenate at ttp://www.invenate.de. He specializes in ISA Server, Exchange, Security for Windows 2000/2003 and Windows Server 2008 designs, migrations and implementations, and Citrix Metaframe implementations. His efforts have earned him recognition as a Microsoft MVP for ISA Server since 2004. You can visit his homepage at http://www.it-training-grote.de.

Click here for Marc Grote's section.

Receive all the latest articles by email!

Get all articles delivered directly to your mailbox as and when they are released on MSExchange.org! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update. Sign up to the MSExchange.org Monthly Newsletter, written by Exchange MVP Henrik Walther, containing news, the hottest tips, Exchange links of the month and much more. Subscribe today and don't miss a thing!



Receive all the latest articles by email!

Receive Real-Time & Monthly MSExchange.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an MSExchange.org member!

Discuss your Exchange Server issues with thousands of other Exchange experts. Click here to join!

Solution Center

Readers' Choice

Which is your preferred Email Archiving solution?