My GCE is a listening mailserver

I’m getting a returned vulnerability on my own GCE VM.

Check if Mailserver answer to VRFY and EXPN requests

Some questions about this:

  1. why is the server listening for incoming mail? I can understand sending main but I don’t understand why it would receive SMTP mail.
  2. how to I fix this? can I simply turn off postfix? can I add the line to the that the scan comes back with as a recommendation?

For postfix add ‘disable_vrfy_command=yes’ in ‘’.

Following up to see what I can do about this. Anything?

We will release an updated version of the GCE with a fix for this soon. I will post a notification here once it is available.


Awesome! Thanks @Martin.


The Greenbone Community Edition with Greenbone OS 5.0.12 has now been released and includes the mentioned fix:


Thanks @Martin. I have installed the latest version and can confirm this is no longer coming up as a vulnerability.

1 Like