SMTP verify (VRFY) command can be used to validate users

Risk Level: Low

Check or Attack Name: smtpvrfy

Platforms: SMTP servers, Solaris: 2.5.1

Description:

The SMTP VRFY command is enabled. The VRFY (Verify) command lets an attacker determine whether an account exists on a system, which significantly assists a brute-force attack on user accounts. VRFY also discloses additional information about users on the system, such as whether they exist and their full names.

Remedy:

If you are running Sendmail, add the line Opnovrfy to your Sendmail configuration file, usually located in /etc/sendmail.cf. For other mail servers, contact your vendor for information on how to disable the verify command.

Newer versions of sendmail are available at http://www.sendmail.org or from ftp://ftp.cs.berkeley.edu/ucb/sendmail.
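To confirm that the remedy took effect on a mail server you administer, the following Python helper (an added example, not part of this X-Force entry) sends a single VRFY using the standard library's smtplib.SMTP.verify() and classifies the reply code according to RFC 5321 semantics. The probe name "postmaster" and the sample reply lines are constructed assumptions; a sendmail host configured with novrfy answers VRFY with a 252 reply.

```python
import re
import smtplib

# Constructed sample VRFY replies, not captured from any real host.
SAMPLE_REPLIES = {
    "open-sendmail": "250 2.1.5 John Doe <jdoe@example.org>",
    "open-unknown-user": "550 5.1.1 nosuchuser... User unknown",
    "sendmail-novrfy": "252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery",
    "command-disabled": "502 5.5.1 VRFY command is disabled",
}


def classify_vrfy_code(code: int) -> str:
    """Map a VRFY reply code to an audit verdict (RFC 5321 semantics)."""
    if code in (250, 251):
        return "enabled: mailbox confirmed"          # account existence leaks
    if code in (550, 551, 553):
        return "enabled: mailbox rejected"           # real vs bogus is distinguishable
    if code == 252:
        return "disabled: server declines to verify"  # sendmail 'novrfy' behaviour
    if code in (500, 502):
        return "disabled: command not implemented"
    return f"unknown reply code {code}"


def classify_vrfy_reply(line: str) -> str:
    """Classify a raw reply line such as '252 2.5.2 Cannot VRFY user ...'."""
    match = re.match(r"^(\d{3})[ -]", line)
    if not match:
        return "unparseable reply"
    return classify_vrfy_code(int(match.group(1)))


def audit_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {name: classify_vrfy_reply(reply) for name, reply in SAMPLE_REPLIES.items()}


def check_vrfy(host: str, port: int = 25, probe: str = "postmaster",
               timeout: float = 10.0) -> tuple:
    """Send one VRFY to a server you administer; return (code, verdict)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _msg = smtp.verify(probe)   # real smtplib API: returns (code, msg)
    return code, classify_vrfy_code(code)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    reply_code, verdict = check_vrfy(target)
    print(f"{target}: VRFY replied {reply_code} -> {verdict}")
```

Any verdict beginning with "enabled" means the server still answers VRFY distinguishably and the remedy has not taken effect.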

References:

Sendmail Consortium, Sendmail FAQ, http://www.sendmail.org/faq

Sendmail Consortium, Latest software version, http://www.sendmail.org

Sendmail Consortium, Latest software version, ftp://ftp.cs.berkeley.edu/ucb/sendmail
