
Sendmail VRFY
VRFY allows an intruder to determine whether an account exists on a system,
which significantly assists a brute-force attack on user accounts. It
provides additional information about users on the system, such as whether they
exist and their full names. The scan engine verifies whether VRFY is turned on in
sendmail.
Risk: Low/Medium
Test Performed: The scan engine verifies whether VRFY is turned on in sendmail. When turned on,
VRFY provides additional information about users on the system, such as whether
they exist and their full names.
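A host-side counterpart to the network test, as an added example that is not part of the original entry or of the scan engine: it reads the text of a sendmail.cf and reports whether the PrivacyOptions setting turns VRFY off. The flag names `novrfy` and `goaway` are sendmail's own; the function names and sample configurations are constructed here, and the script assumes flags from several PrivacyOptions lines accumulate.

```python
import re

# Added example, not code from the scanner or from sendmail.
# Flags that switch VRFY off; "goaway" is a bundle that includes novrfy.
VRFY_OFF_FLAGS = {"novrfy", "goaway"}

# Long form "O PrivacyOptions=a,b" (name matched case-insensitively) or the
# old short form "Opa,b" (lower-case p only; "OP" is a different option).
_PRIVACY_RE = re.compile(r"^O(?:\s+(?i:PrivacyOptions)\s*=|p)\s*(.*)$")

def privacy_flags(cf_text):
    """Return the set of PrivacyOptions flags found in sendmail.cf text."""
    logical = []
    for raw in cf_text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue                      # comment or blank line
        if raw[0] in " \t" and logical:
            logical[-1] += raw            # indented line continues the previous one
        else:
            logical.append(raw)
    flags = set()
    for line in logical:
        m = _PRIVACY_RE.match(line)
        if m:
            # Assumption: flags from every matching line accumulate.
            flags.update(f.lower() for f in re.split(r"[,\s]+", m.group(1)) if f)
    return flags

def vrfy_disabled(cf_text):
    """True when the configuration turns VRFY off; no setting means it is on."""
    return bool(privacy_flags(cf_text) & VRFY_OFF_FLAGS)

# Constructed sample configurations (not taken from any real host).
SAMPLE_OPEN = "# VRFY left enabled\nO PrivacyOptions=authwarnings,noexpn\n"
SAMPLE_CLOSED = "O PrivacyOptions=authwarnings,\n\tnovrfy,noexpn\n"
SAMPLE_SHORT = "Opgoaway\n"

if __name__ == "__main__":
    for name, cf in [("open", SAMPLE_OPEN), ("closed", SAMPLE_CLOSED),
                     ("short", SAMPLE_SHORT)]:
        print(name, "VRFY disabled" if vrfy_disabled(cf) else "VRFY ENABLED")
```

To audit a real host, pass the contents of its configuration file to `vrfy_disabled` instead of the samples.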
Fix: If you are running sendmail, add the following line to your sendmail
configuration file (usually located in /etc/sendmail.cf):