SMTP EXPN command

| Field | Value |
|---|---|
| Risk Level | Low |
| Check or Attack Name | smtpexpn |
| Platforms | SMTP servers, Solaris 2.5.1 |
| Description | The EXPN command of SMTP-compliant mail servers, such as sendmail, lets an attacker determine whether an account exists on a system, which provides significant assistance to a brute-force attack on user accounts. EXPN also discloses additional information about users on the system, such as whether they exist and their full names. |
| Remedy | If you are running Sendmail, add the line Opnoexpn to your Sendmail configuration file, usually located in /etc/sendmail.cf. For other mail servers, contact your vendor for information on how to disable the expand command. Newer versions of sendmail are available at http://www.sendmail.org or from ftp://ftp.cs.berkeley.edu/ucb/sendmail. |
| References | Sendmail Consortium, Sendmail FAQ, http://www.sendmail.org/faq |
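An audit routine for the check this entry names (smtpexpn), added here as an example and not code from the original page or from sendmail: it sends EXPN for a well-known alias and reads the reply code to tell whether the server honours the command (250), declines to verify (252) or refuses it (5xx). It assumes any socket-like object with sendall()/recv(), and FakeConn, OPEN_SERVER and HARDENED_SERVER are constructed transcripts so the check runs offline.

```python
# Added audit helper for this entry, not code from the original page or
# from sendmail. It assumes any object with sendall()/recv(); pass
# socket.create_connection((host, 25)) to audit a real server.

def read_reply(conn):
    """Read one SMTP reply; a '250-' line continues it, '250 ' ends it."""
    buf = b""
    while not buf.endswith(b"\r\n") or buf.splitlines()[-1][3:4] == b"-":
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace").splitlines()

def classify_expn(reply_lines):
    """250 = alias expanded (disclosure); 252 = cannot verify, will try
    delivery; 5xx = refused, e.g. sendmail's 502 with noexpn set."""
    code = reply_lines[-1][:3] if reply_lines else ""
    if code == "250":
        return "VULNERABLE: EXPN expanded the alias"
    if code == "252" or code.startswith("5"):
        return "OK: EXPN not honoured (%s)" % code
    return "UNKNOWN: %r" % reply_lines

def check_expn(conn, alias="postmaster", helo="audit.example"):
    # A well-known alias, so a 550 'unknown user' is not read as 'disabled'.
    read_reply(conn)                                   # 220 banner
    conn.sendall(("HELO %s\r\n" % helo).encode())
    read_reply(conn)
    conn.sendall(("EXPN %s\r\n" % alias).encode())
    verdict = classify_expn(read_reply(conn))
    conn.sendall(b"QUIT\r\n")
    read_reply(conn)
    return verdict

class FakeConn:
    """Scripted stand-in for a socket: each recv() returns the next reply."""
    def __init__(self, replies):
        self.replies, self.sent = list(replies), []
    def sendall(self, data):
        self.sent.append(data)
    def recv(self, n):
        return self.replies.pop(0) if self.replies else b""

# Constructed transcripts (not captured from any real host).
OPEN_SERVER = [b"220 mail.example ESMTP\r\n", b"250 mail.example\r\n",
               b"250 2.1.5 <root@mail.example>\r\n", b"221 2.0.0 Bye\r\n"]
HARDENED_SERVER = [b"220 mail.example ESMTP\r\n", b"250 mail.example\r\n",
                   b"502 5.7.0 Sorry, we do not allow this operation\r\n",
                   b"221 2.0.0 Bye\r\n"]
```

Run it against your own mail hosts after applying the remedy above to confirm the 502 reply replaces the 250 expansion.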