Disable VRFY and EXPN SMTP Commands for Improved Security #67
Description
Description:
Currently, we respond to the VRFY and EXPN SMTP commands, which can be exploited to:
-
Enumerate valid email addresses or system usernames (VRFY)
-
Reveal internal mailing list members (EXPN)
These commands are considered legacy and unnecessary for normal email operations.
Requirement
Disable VRFY and EXPN in the SMTP configuration by default
Expected Behavior:
-
No disruption to normal mail sending/receiving
-
Improved server hardening
-
Reduced attack surface