The remote SMTP server responds to EXPN/VRFY verbs. VRFY and EXPN ask the server for information about an address. Using these verbs it's possible to enumerate the names of valid users on the remote host. Login names are also a way to gather addresses for spam email messages.


You need to configure your STMP server to disallow the usage of these verbs (EXPN and VRFY).


Related Vulnerabilities