Damian Myerscough a écrit : > Hello, > > I have been recently playing with Postfix a lot and I was curious of the > consequences of disabling the VRFY command. I have disabled the > VRFY command because it allow attackers to see what users > were valid e.g. local users could be identified. >
they can (and do) use RCPT TO for that. so disabling VRFY doesn't bring much value. That said, I personally disable it because I don't see the value it brings. but that doesn't make me feel more secure.
