DominoNoBanner – suppress banner and version information

🛠️

Parameter: DominoNoBanner

Short description: Suppresses banner/copyright/version information on SMTP, POP3, IMAP, and HTTP (security hardening).

Profile

Parameter	`DominoNoBanner`
Category	Security / TLS
Component	Server
Available since	R8
Supported versions	9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5
GUI equivalent	notes.ini only (no GUI)
Possible values	0 = show banner (default), 1 = suppress banner

Description

DominoNoBanner=1 removes references to vendor, product name, and version number from the greeting and response banners of the Internet tasks (SMTP, POP3, IMAP, partially HTTP). This way, a vulnerability scanner or attacker no longer gets direct hints about the exact Domino version – a standard hardening step for Internet-exposed servers.

The actual banner text (e.g. SMTP 220-…) can additionally be set freely via SMTPGreeting; DominoNoBanner also works in the other mail protocols.

Example configuration


DominoNoBanner=1

Notes & pitfalls

Affects SMTP, POP3, IMAP – additionally harden the HTTP banner via HTTPHideVersion or similar.

Changes the banner, not the behavior of the protocols.

Not "stealth" – the version can often still be derived via feature fingerprinting.

Recommended for every Internet-exposed Domino server.

Uncritical on hub/intranet servers, but may make troubleshooting harder (no banner version check).