Disabling VRFY and EXPN SMTP command
Article ID: 376177
Updated On: 09-03-2024
Products
Messaging Gateway
Issue/Introduction
How to disable VRFY and EXPN commands on the SMG scanner?
Environment
SMG 10.7 / 10.8 / 10.9
Cause
Some penetration testing can interpret 252 2.0.0 SMTP response from the SMG as a allowed command by seeing a response.
Resolution
VRFY and EXPN commands are restricted by default.
SMG response for VRFY and EXPN command:
VRFY mail@example.com
252 2.0.0 VRFY restricted
EXPN mail@example.com
252 2.0.0 EXPN restricted
Feedback
Yes
No
Powered by
