The SMTP-VRFY module can be used to enumerate which accounts are valid on a mail
server. The module sends the following:
The module expects the accounts to be checked to be supplied via the user options
(-u/-U/-C). The domain should be supplied as if it were a password. The value sent
via the EHLO command can be set using the
-m EHLO: module option. The
default is to send MEDUSA.
This module was written while testing a single mis-configured SMTP SPAM filter. Other
devices probably behave differently. Some tweaking of the module may be required.