Article ID: 155684
Article Last Modified on 10/28/2006
APPLIES TO
- Microsoft Exchange Server 4.0 Service Pack 2
This article was previously published under Q155684
SYMPTOMS
The RFC 821 that defines the Simple Mail Transport Protocol (SMTP) states that "The VRFY and EXPN commands are not included in the minimum implementation." The VRFY command is used to verify that an address is valid on a given SMTP host. This command is not implemented in the Microsoft Exchange Internet Mail Connector (IMC), version 4.0. The use of the VRFY command is considered a security hole by some organizations.
STATUS
Microsoft is aware that the VRFY command is used by some DNS registration authorities for domain validation. For example, in France, the National Network Information Center relies on an automatic procedure for verifying that the Postmaster and Hostmaster E-mail addresses of a new DNS domain are valid.
Microsoft has confirmed this to be a problem in Microsoft Exchange Server version 4.0. This problem was corrected in the latest Microsoft Exchange Service Pack. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces):
S E R V P A C K
Additional query words: VRFY IMC XSRVInCon
Keywords: kbusage KB155684