SMTP probe commands

During an SMTP connection, a remote sending side (or a person manually telnetting to your SMTP port) can issue commands requesting information  such as a check on the validity of addresses. This very useful information can, however, be subject to abuse, e.g., by  automated search engines checking for valid email addresses on your  firewall system. Therefore some sites may have an interest in disabling these helpful features.

Setting the option DISABLE_EXPAND=1 for your Internet TCP/IP channel ( typically  ) disables the SMTP EXPN command. The SMTP EXPN command is normally used to expand (get the membership of) mailing lists. Note that the alias options  and   (in legacy configuration, mailing list named  parameters &#x5b;EXPANDABLE&#x5d; and &#x5b;NONEXPANDABLE&#x5d;) can be used on a  per-mailing-list basis to control the SMTP EXPN response for that  mailing list. Note also that use of mailing list access controls, e.g., LDAP list attributes such as   and   (or more precisely, those attributes named by the    and   MTA options), or alias options,  , etc., (corresponding in legacy configuration to named parameters such as &#x5b;AUTH_LIST&#x5d;,  &#x5b;AUTH_MAPPING&#x5d;, etc.),  also  affect the SMTP EXPN response for the mailing list so marked: only if  an SMTP client has passed the access controls (for instance by issuing  a MAIL FROM: command identifying as a sender allowed to post to the  list) will the MTA&#x27;s SMTP server then return an informative response to  the client&#x27;s SMTP EXPN command. So DISABLE_EXPAND=1 is suitable if you  wish to disable all EXPN responses. However, if you only have some "sensitive" lists you can instead effectively get  per-list controls on EXPN use.

Setting HIDE_VERIFY=1 for your Internet TCP/IP channel causes the MTA to  return a "generic" response to the SMTP VRFY command. The SMTP VRFY command is normally used to check whether an address is a  legitimate address on the local system. (Note that as it is required that SMTP servers support the VRFY command, the MTA has to return some  sort of response; with HIDE_VERIFY=1, this response is simply a  "maybe" sort of response rather than an explicit yes or no.)  See also   and related channel options for a discussion of channel options that can  also be used to affect SMTP VRFY responses.

Setting DISABLE_ADDRESS=1 for your Internet TCP/IP channel causes the MTA to disable responses to its SMTP server&#x27;s private XADR command, which normally returns information about the channel an address matches.

Setting DISABLE_CIRCUIT=1 for your Internet TCP/IP channel causes the MTA to disable responses to the its SMTP server&#x27;s private XCIR command,  which normally returns information about the MTA message circuit  checking facility.

Setting DISABLE_STATUS=1 for your Internet TCP/IP channel causes the MTA to disable responses to its SMTP server&#x27;s private XSTA command, which  normally returns information about the numbers of messages in MTA  queues.

Setting DISABLE_GENERAL=1 for your Internet TCP/IP channel option file causes the MTA to disable responses to its SMTP server&#x27;s private XGEN  command, which normally returns status information about whether an MTA compiled configuration and character set are in use.

Sample  commands to disable such probes on a typical   channel would be: msconfig&#x3e; set channel:tcp_local.options.DISABLE_EXPAND 1 msconfig# set channel:tcp_local.options.HIDE_VERIFY 1 msconfig# set channel:tcp_local.options.DISABLE_ADDRESS 1 msconfig# set channel:tcp_local.options.DISABLE_CIRCUIT 1 msconfig# set channel:tcp_local.options.DISABLE_STATUS 1 msconfig# set channel:tcp_local.options.DISABLE_GENERAL 1 For legacy configuration, a sample TCP/IP channel option file to disable probing via the SMTP  server, for a site using a   channel, would be as shown  below: DISABLE_EXPAND=1 HIDE_VERIFY=1 DISABLE_ADDRESS=1 DISABLE_CIRCUIT=1 DISABLE_STATUS=1 DISABLE_GENERAL=1 See TCPIP-channel-specific options for more details on these options.

See also:
 * DISABLE_EXPAND
 * Typical TCPIP channels and servers
 * TCPIP-channel-specific options
 * Alias options
 * alias_expandable Option
 * alias_nonexpandable Option
 * Alias file named parameters
 * ldap_auth_url MTA Option
 * ldap_cant_url MTA Option
 * alias_auth_list Option
 * alias_cant_list Option
 * HIDE_VERIFY
 * domainvrfy Option
 * DISABLE_ADDRESS
 * DISABLE_CIRCUIT
 * DISABLE_STATUS
 * DISABLE_GENERAL
 * Restricting information emitted