Jacqui Caren-home:
> It was noted that the RFCs mention VRFY as a feature but does not state that
> it has to be enabled or disabled by default.
Citing RFC 2821:
Server implementations SHOULD support both VRFY and EXPN. For
security reasons, implementations MAY provide local installations a
way to disable either or both of these commands through configuration
options or the equivalent.
Citing RFC 5321:
Server implementations SHOULD support both VRFY and EXPN. For
security reasons, implementations MAY provide local installations a
way to disable either or both of these commands through configuration
options or the equivalent (see Section 7.3).
A server SHOULD implement VRFY and EXPN, the OFF switch is optional,
therefore the default is as if the OFF switch does not exist. People
who read this RFC otherwise should become politicians.
Wietse
