NTmail 4 VRFY command is broken

In NTmail version 4.3c, there is an option to disable VRFY so that your email addresses can't be harvested by the spammers. 

Normally the following works:

220-Unauthorized Use Prohibited
220 mail.nls.net NTMail (v4.30.0013/NT8427.04.1da0ea15) ready for ESMTP transfer
VRFY postmaster
250 postmaster@nls.net <postmaster@nls.net>.
VRFY nthelp
250 nthelp@nls.net <nthelp@nls.net>.
VRFY bobdoesntexist
557 String does not match anything.

As you can see, it would be minor to write a script that could go thru a list of hundreds of thousands of possible email addresses and save the responses that return a real email address, in fact NTmail is happy to add the correct domain name to the end of the email address for you making it very easy to build a list of addresses you can spam.

Well in NTmail there is an option to turn verify off, when shut off in NTmail 5 (which was just released from beta) it responds like this:

220 mail.net-shopper.co.uk NTMail (v5.01.0003/AB0000.00.719cfeeb) ready for ESMTP transfer
vrfy postmaster
558 VRFY not allowed.

However when disabled in NTmail version 4.3c it still hands out the addresses.

There is more, even in NTmail 5, if you just shut it off via the ESMTP options menu (there is a checkbox to disable VRFY there) it still functions, to turn it off for real you have to edit the system variable AllowVRFY which can be found under support/system variables. Set AllowVRFY=0 to turn it off.

Gordano, the maker of NTmail refuses to fix NTmail version 4 since they have released version 5 several weeks ago. Unfortunately large ISP's running the product can't just update their mail servers without testing the new version for several months first so we are sorta stuck with this.