The mail server on this host answers VRFY and/or EXPN requests. VRFY and EXPN ask the server for information about an address. They are inherently unusable through firewalls, gateways, mail exchangers for part-time hosts, etc. OVS suggests that, if you really want to publish this type of information, you use a mechanism that legitimate users actually know about, such as Finger or HTTP.
Disable VRFY and/or EXPN on your mail server. For Postfix, add 'disable_vrfy_command=yes' to 'main.cf'. For Sendmail, add the option 'O PrivacyOptions=goaway'.
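To confirm the fix is in place, the following added example (not part of the original check or of Postfix/Sendmail) audits the text of 'main.cf' or 'sendmail.cf' for the settings named above. The function names and sample configurations are constructed for illustration; for Sendmail it also accepts 'novrfy' together with 'noexpn', which 'goaway' includes.

```python
import re

# Constructed sample configurations (not taken from any real host).
POSTFIX_WEAK = "myhostname = mail.example.test\n#disable_vrfy_command = yes\n"
POSTFIX_FIXED = "myhostname = mail.example.test\ndisable_vrfy_command = yes\n"
SENDMAIL_WEAK = "O PrivacyOptions=authwarnings,novrfy\n"
SENDMAIL_FIXED = "O PrivacyOptions=goaway\n"

def postfix_vrfy_disabled(main_cf):
    """True if the last disable_vrfy_command setting in main.cf is 'yes'."""
    value = "no"  # Postfix default when the parameter is not set
    for line in main_cf.splitlines():
        # '#' comments and indented continuation lines never match here,
        # so only an unindented "name = value" line counts as a setting.
        m = re.match(r"disable_vrfy_command\s*=\s*(\S*)", line)
        if m:
            value = m.group(1).lower()
    return value == "yes"

def sendmail_privacy_flags(sendmail_cf):
    """Collect the flags from every 'O PrivacyOptions=' line in sendmail.cf."""
    flags = set()
    for line in sendmail_cf.splitlines():
        m = re.match(r"O\s+PrivacyOptions\s*=\s*(.*)", line)
        if m:  # assumption: flags given on several lines are combined
            flags |= {f.lower() for f in re.split(r"[,\s]+", m.group(1)) if f}
    return flags

def sendmail_vrfy_expn_disabled(sendmail_cf):
    """True if goaway is set, or both novrfy and noexpn are set."""
    flags = sendmail_privacy_flags(sendmail_cf)
    return "goaway" in flags or {"novrfy", "noexpn"} <= flags

# Hypothetical lookup table: checker and the remediation line from the text.
CHECKS = {"postfix": (postfix_vrfy_disabled, "disable_vrfy_command=yes"),
          "sendmail": (sendmail_vrfy_expn_disabled, "O PrivacyOptions=goaway")}

def audit(mta, config_text):
    """Return 'ok' or a finding string for mta in {'postfix', 'sendmail'}."""
    check, fix = CHECKS[mta]
    if check(config_text):
        return "ok"
    return "finding: VRFY/EXPN not disabled, add " + fix

if __name__ == "__main__":
    for mta, cf in [("postfix", POSTFIX_WEAK), ("postfix", POSTFIX_FIXED),
                    ("sendmail", SENDMAIL_WEAK), ("sendmail", SENDMAIL_FIXED)]:
        print(mta, "->", audit(mta, cf))
```

The commented-out Postfix line and the Sendmail line with only 'novrfy' are both reported as findings, since neither disables both commands.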
Updated on 2015-03-25
- Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
- Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
- Exim < 4.72 RC2 Multiple Vulnerabilities
- Multiple Kerio Products Administration Console File Disclosure and Corruption Vulnerability
- Check if Mailserver answer to VRFY and EXPN requests