I’m getting a returned vulnerability on my own GCE VM.
Check if Mailserver answer to VRFY and EXPN requests
Some questions about this:
- why is the server listening for incoming mail? I can understand sending main but I don’t understand why it would receive SMTP mail.
- how to I fix this? can I simply turn off postfix? can I add the line to the main.cf that the scan comes back with as a recommendation?
For postfix add ‘disable_vrfy_command=yes’ in ‘main.cf’.