Red Hat Bugzilla – Bug 21801
default sendmail config permits SMTP EXPN and VRFY
Last modified: 2007-04-18 12:30:08 EDT
An ISS scan of one of my RedHat 6.2 systems flagged low-severity vulnerabilities in the default sendmail (8.9.3-20)
configuration. In particular, ISS complained that VRFY and EXPN were both enabled, and explained that both allow
an intruder to obtain information about local user accounts on the system.
Also, the default sendmail config allows users to use the mailq command. This
can be used to snoop /var/spool/mqueue contents --> users can see where
other users send / receive mail.
This can be changed with the restrictmailq option in sendmail.cf
(also, noexpn and novrfy should disable the EXPN and VRFY commands).
I do not set restrictmailq, but have added restrictqrun.
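An added audit check (not from the bug report or from Red Hat's packaging) that parses the PrivacyOptions line of a sendmail.cf and reports which of the flags discussed above (noexpn, novrfy, restrictmailq, restrictqrun) are missing; the sendmail.cf samples are constructed, and the handling of goaway as shorthand for noexpn and novrfy is an assumption about that alias.

```python
import re

# Flags discussed in the bug: each closes one information leak
# (EXPN/VRFY account enumeration, mailq/queue-run exposure of the spool).
WANTED_FLAGS = {"noexpn", "novrfy", "restrictmailq", "restrictqrun"}
# Assumption: the 'goaway' shorthand includes noexpn and novrfy but not the
# mailq/queue-run restrictions, so those must still be listed explicitly.
IMPLIED_BY_GOAWAY = {"noexpn", "novrfy"}

PRIVACY_RE = re.compile(r"^O\s+PrivacyOptions\s*=\s*(.*)$")


def privacy_flags(cf_text):
    """Collect the flags set on every 'O PrivacyOptions=' line of a sendmail.cf."""
    flags = set()
    for line in cf_text.splitlines():
        m = PRIVACY_RE.match(line.strip())
        if not m:
            continue
        for flag in m.group(1).split(","):
            flag = flag.strip().lower()
            if flag:
                flags.add(flag)
    if "goaway" in flags:
        flags |= IMPLIED_BY_GOAWAY
    return flags


def missing_flags(cf_text):
    """Return the wanted flags that are not set, sorted for a stable report."""
    return sorted(WANTED_FLAGS - privacy_flags(cf_text))


# Constructed sample resembling the permissive default described in the bug.
DEFAULT_CF = """\
# sendmail.cf (constructed sample, not a real Red Hat file)
O PrivacyOptions=authwarnings
O QueueDirectory=/var/spool/mqueue
"""

# Constructed hardened variant: EXPN/VRFY off, mailq and queue runs restricted.
HARDENED_CF = """\
O PrivacyOptions=authwarnings,noexpn,novrfy,restrictmailq,restrictqrun
"""

if __name__ == "__main__":
    for name, cf in (("default", DEFAULT_CF), ("hardened", HARDENED_CF)):
        gaps = missing_flags(cf)
        print(f"{name}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```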