SV-227849r603266_rule
V-227849
SRG-OS-000480
GEN004680
CAT III
10
If Sendmail is running, add the line Opnovrfy to the Sendmail configuration file, usually located in /etc/sendmail.cf. For other mail servers, contact the vendor for information on how to disable the verify command. Newer versions of Sendmail are available at http://www.sendmail.org or from ftp://ftp.cs.berkeley.edu/ucb/sendmail.
Determine if VRFY is disabled.
Procedure:
# telnet localhost 25
vrfy root
If the command does not return a 500 error code of command unrecognized, this is a finding.
OR
Locate the sendmail.cf configuration file.
Procedure:
# find / -name sendmail.cf -print
# grep -v "^#" <sendmail.cf location> |grep -i "(goaway|vrfy)"
Verify the VRFY command is disabled with an entry in the sendmail.cf file that reads as one of the following:
Opnovrfy
O PrivacyOptions=novrfy
Opgoaway
O PrivacyOptions=goaway
(Other privacy options, such as noexpn or noetrn, may be included in the same line, separated by commas. The goaway option encompasses a number of privacy options, including novrfy.) If the VRFY command is not disabled, this is a finding.
V-227849
False
GEN004680
Determine if VRFY is disabled.
Procedure:
# telnet localhost 25
vrfy root
If the command does not return a 500 error code of command unrecognized, this is a finding.
OR
Locate the sendmail.cf configuration file.
Procedure:
# find / -name sendmail.cf -print
# grep -v "^#" <sendmail.cf location> |grep -i "(goaway|vrfy)"
Verify the VRFY command is disabled with an entry in the sendmail.cf file that reads as one of the following:
Opnovrfy
O PrivacyOptions=novrfy
Opgoaway
O PrivacyOptions=goaway
(Other privacy options, such as noexpn or noetrn, may be included in the same line, separated by commas. The goaway option encompasses a number of privacy options, including novrfy.) If the VRFY command is not disabled, this is a finding.
M
4061