The SMTP-VRFY module can be used to enumerate which accounts are valid on a mail
server. The module sends the following:
EHLO some_name
VRFY account@domain
The module expects the accounts to be checked to be supplied via the user options
(-u/-U/-C). The domain should be supplied as if it were a password. The value sent
via the EHLO command can be set using the -m EHLO: module option. The
default is to send MEDUSA.
This module was written while testing a single mis-configured SMTP SPAM filter. Other
devices probably behave differently. Some tweaking of the module may be required.
Medusa Documentation