|
Family: SMTP problems --> Category: infos
EXPN and VRFY commands Vulnerability Scan
Vulnerability Scan Summary EXPN and VRFY checks
Detailed Explanation for this Vulnerability Test
The remote SMTP server answers to the EXPN and/or VRFY commands.
The EXPN command can be used to find the delivery address of mail aliases, or
even the full name of the recipients, and the VRFY command may be used to check the validity of an account.
Your mailer should not allow remote users to use any of these commands,
because it gives them too much information.
Solution : if you are using Sendmail, add the option :
O PrivacyOptions=goaway
in /etc/sendmail.cf.
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|