Is MailMarshal vulnerable to attacks using VRFY, EXPN, or other SMTP commands?


This article applies to:

  • Trustwave MailMarshal (SEG)

Question:

  • How does SEG/MailMarshal reply to the SMTP VRFY or EXPN commands?
  • Does MailMarshal take any action on repeated bad SMTP commands?

Information:

  • MailMarshal always responds to VRFY with the ambiguous SMTP response "252 user appears to be valid". Because this reply neither confirms nor denies the address, outside applications cannot harvest address information using this command.
  • MailMarshal does not support EXPN.
  • MailMarshal has a default mechanism to recognize and restrict excessive repeated requests or nonsense commands. Customers can contact Technical Support for details if required.
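
A check an administrator can run against their own gateway to confirm the behaviour listed above, given as an added example (not Trustwave code). It flags VRFY replies that differ between a real and a bogus address or that use a definitive code, and any EXPN reply other than 500/502. The function names, the sample addresses and the choice of 500/502 as the "unsupported" codes are assumptions.

```python
import smtplib

# RFC 5321 reply codes that confirm or deny a specific mailbox.
DEFINITIVE = {250, 251, 550, 551, 553}
# RFC 5321 codes for "command unrecognized" / "not implemented" (assumed
# here to be what "does not support EXPN" looks like on the wire).
UNSUPPORTED = {500, 502}

def normalise(addr, reply):
    """Reduce a reply to (code, text) with the probed address masked out."""
    code, text = reply
    if isinstance(text, bytes):
        text = text.decode("ascii", "replace")
    return code, text.replace(addr, "<addr>").strip().lower()

def vrfy_findings(replies):
    """replies maps probed address -> (code, text) as returned for VRFY."""
    findings = []
    if len({normalise(a, r) for a, r in replies.items()}) > 1:
        findings.append("VRFY replies differ between addresses")
    for addr, (code, _) in replies.items():
        if code in DEFINITIVE:
            findings.append(f"VRFY gave definitive {code} for {addr}")
    return findings

def expn_findings(reply):
    code, _ = reply
    return [] if code in UNSUPPORTED else [f"EXPN answered with {code}"]

def audit(host, addresses, port=25, timeout=10):
    """Probe a gateway you administer with one real and one bogus address."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        vrfy = {a: smtp.verify(a) for a in addresses}
        expn = smtp.expn(addresses[0])
    return vrfy_findings(vrfy) + expn_findings(expn)

if __name__ == "__main__":
    # Constructed replies: the uniform 252 described above, for an existing
    # and a non-existent mailbox, plus a 502 for EXPN.
    sample = {
        "real.user@example.com": (252, b"user appears to be valid"),
        "no-such-user-7f3a@example.com": (252, b"user appears to be valid"),
    }
    print(vrfy_findings(sample) + expn_findings((502, b"not implemented")))
```

An empty list from audit() means the gateway answered every probe the same way and refused EXPN.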

Notes:

See also the DHA and DoS attack prevention features documented in the MailMarshal User Guide.


Last Modified 3/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle14969.aspx