This section describes common misconceptions that are counterproductive to the security needs of your deployment.
Hiding Product Names and Versions
At best, hiding product names and versions hinders casual attackers. At worst, it gives a false sense of security that might cause your administrators to become less diligent about tracking real security problems.
In fact, removing product information and version numbers makes it more difficult for the vendor support organization to validate software problems as being that of their software or that of other software.
Hackers have little reason to be selective, particularly if there is a known vulnerability in SMTP servers, where they may attempt to access any SMTP server.
Hiding names of Internal Machines
Hiding internal IP addresses and machine names will make it more difficult to:
Trace abuse or spam
Diagnose mail system configuration errors
Diagnose DNS configuration errors
A determined attacker will have no problem discovering the machine names and IP addresses of machines once they find a way to compromise a network.
Turning off EHLO on the SMTP Server
With EHLO, the remote SMTP client determines if you have a limit and stops trying to send a message that exceeds the limit as soon as it sees this response. But, if you have to use HELO (because EHLO is turned off), the sending SMTP server sends the entire message data, then finds out that the message has been rejected because the message size exceeds the limits. Consequently, you are left with wasted processing cycles and disk space.
Network Address Translation
If you use NAT to provide a type of firewall, you do not have an end-to-end connection between your systems. Instead, you have a third node which stands in the middle. This NAT system acts as a middleman, causing a potential security hole.