
Sendmail EXPN
EXPN allows an intruder to determine whether an account exists on a system,
which significantly assists a brute-force attack on user accounts. It also reveals
additional information about users on the system, such as whether they exist
and their full names. The scan engine verifies whether EXPN is turned on in
sendmail.
Risk: Low/Medium
Fix: If you are running sendmail, add the following line to your sendmail
configuration file (usually located in /etc/sendmail.cf):
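
An added example, not part of the original advisory: a Python audit that reports whether a sendmail.cf already turns EXPN off. It assumes sendmail 8's PrivacyOptions option (short name p) with its noexpn, goaway and needexpnhelo flags, and that flags from several option lines accumulate; the function names and sample configurations are constructed for illustration.

```python
import re

# PrivacyOptions flags that turn EXPN off; "goaway" is shorthand that includes noexpn.
EXPN_OFF = {"noexpn", "goaway"}

# Long form "O PrivacyOptions=a,b" and short form "Opa,b" (p = PrivacyOptions).
_LONG = re.compile(r"^O\s+(?i:PrivacyOptions)\s*=\s*(.*)$")
_SHORT = re.compile(r"^Op(.*)$")


def privacy_flags(cf_text):
    """Collect every PrivacyOptions flag set anywhere in sendmail.cf text."""
    flags = set()
    for line in cf_text.splitlines():
        if line.startswith("#"):          # whole-line comment
            continue
        m = _LONG.match(line) or _SHORT.match(line)
        if m:
            # Flags are comma or space separated and case-insensitive.
            flags.update(f.lower() for f in re.split(r"[,\s]+", m.group(1)) if f)
    return flags


def expn_status(cf_text):
    """Return 'disabled', 'helo-required' or 'enabled' for the EXPN command."""
    flags = privacy_flags(cf_text)
    if flags & EXPN_OFF:
        return "disabled"
    if "needexpnhelo" in flags:
        # Only forces a HELO first; EXPN still answers, so the finding stands.
        return "helo-required"
    return "enabled"


# Constructed sample configurations, not taken from any real host.
SAMPLE_DEFAULT = "# privacy flags\nO PrivacyOptions=authwarnings\nO SmtpGreetingMessage=$j\n"
SAMPLE_HELO = "O PrivacyOptions=authwarnings,needexpnhelo\n"
SAMPLE_LONG = "O PrivacyOptions=authwarnings,noexpn,novrfy\n"
SAMPLE_SHORT = "Opgoaway\n"
SAMPLE_COMMENTED = "#O PrivacyOptions=noexpn\nO PrivacyOptions=authwarnings\n"

if __name__ == "__main__":
    for name in ("DEFAULT", "HELO", "LONG", "SHORT", "COMMENTED"):
        print(name, expn_status(globals()["SAMPLE_" + name]))
```

A result of "helo-required" or "enabled" means the scanner finding would still be reported for that configuration.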