STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The SMTP service must not have the VRFY feature active.

DISA Rule

SV-227849r603266_rule

Vulnerability Number

V-227849

Group Title

SRG-OS-000480

Rule Version

GEN004680

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

If Sendmail is running, add the line Opnovrfy to the Sendmail configuration file, usually located in /etc/sendmail.cf. For other mail servers, contact the vendor for information on how to disable the verify command. Newer versions of Sendmail are available at http://www.sendmail.org or from ftp://ftp.cs.berkeley.edu/ucb/sendmail.

Check Contents

Determine if VRFY is disabled.

Procedure:
# telnet localhost 25
vrfy root

If the command does not return a 500 error code of command unrecognized, this is a finding.

OR

Locate the sendmail.cf configuration file.

Procedure:
# find / -name sendmail.cf -print
# grep -v "^#" <sendmail.cf location> |grep -i "(goaway|vrfy)"

Verify the VRFY command is disabled with an entry in the sendmail.cf file that reads as one of the following:

Opnovrfy
O PrivacyOptions=novrfy
Opgoaway
O PrivacyOptions=goaway

(Other privacy options, such as noexpn or noetrn, may be included in the same line, separated by commas. The goaway option encompasses a number of privacy options, including novrfy.) If the VRFY command is not disabled, this is a finding.

The SMTP service must not have the VRFY feature active.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments