User enumeration via SMTP server
Hi,
Some of your mail servers seems to be vulnerable to SMTP user enumeration via VRFY/RCPT/EXPN command.
xxx.xxx.xxx.xxx
{}
An attacker could guess the services running on the server and obtain usernames for future attacks.
If possible disable the commands VRFY, RCPT and EXPN.
Best regards,
Gwen