motd-news reports server information in user-agent header when retrieving MOTD from Canonical servers

[myfirstnameispaul]

Fully explained in this ma.ttias.be blog post, the advertisements printed as part of the MOTD when logging into the server reveals server information in the user-agent header request to Canonical that retrieves that MOTD.

The script file for MOTD is located in /etc/update-motd.d/50-motd-news.

It can be disabled by setting ENABLED=0 in /etc/default/motd-news per this line in the script:

[ "$ENABLED" = "1" ] || exit 0

I can submit a PR to add the below to

mailinabox/setup/system.sh

Line 85 in 1699ab8

# Disable MOTD adverts to prevent revealing server information in MOTD request headers
# See https://ma.ttias.be/what-exactly-being-sent-ubuntu-motd/
tools/editconf.py /etc/default/motd-news ENABLED=0
rm -f /var/cache/motd-news

The second command deletes the last retrieved MOTD.

I verified that ENABLED=1 is set on two different servers that were configured using the ISPs' default Ubuntu 22.04 images and that setting ENABLED=0 did not print the MOTD on next log in and did not create a new /var/cache/motd-news.

However, I did not test running an edited system.sh.