UCF STIG Viewer Logo

The SMTP service must not have the EXPN feature active.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4692 GEN004660 SV-4692r2_rule ECSC-1 Low
Description
The SMTP EXPN function allows an attacker to determine if an account exists on a system, providing significant assistance to a brute-force attack on user accounts. EXPN may also provide additional information concerning users on the system, such as the full names of account owners.
STIG Date
SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-28638r1_chk )
Determine if EXPN is disabled.

Procedure:
# telnet localhost 25
expn root

If the command does not return a 500 error code of command unrecognized, this is a finding.

OR

Locate the sendmail.cf configuration file.

Procedure:
# find / -name sendmail.cf -print
# grep -v "^#" | egrep -i "(goaway|noexpn)"

Verify the EXPN command is disabled with an entry in the sendmail.cf file that reads as one of the following:

Opnoexpn
O PrivacyOptions=noexpn
Opgoaway
O PrivacyOptions=goaway

(Other privacy options, such as novrfy or noetrn, may be included in the same line, separated by commas. The goaway option encompasses a number of privacy options, including noexpn.) If the EXPN command is not disabled, this is a finding.
Fix Text (F-4620r2_fix)
Edit the sendmail.cf file and add Opnoexpn option.
Restart the Sendmail service.