ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Status of VRFY and EXPN commands in Messaging Gateway


Article ID: 172000


Updated On:


Messaging Gateway


Penetration testing shows a report that Symantec Messaging Gateway (SMG) allows usage of VRFY and EXPN commands.


SMG sends a 252 response to commands that are restricted by default. Some penetration testing can interpret this as a allowed command by seeing a response.

Example commands and responses from SMG:
vrfy [email protected]
252 2.0.0 vrfy restricted
expn [email protected]
252 2.0.0 expn restricted


Verify the SMTP commands you want to use are not allowed by testing with a telnet connection to your SMG over port 25.