The SMTP "EXPN" command allows you to expand a mailing list or alias, to see
where mail addressed to the alias actually goes. For example, many organizations
alias postmaster to root, so that mail addressed to postmaster will get delivered
to the system administrator. Issuing "EXPN postmaster" via SMTP would reveal that
postmaster is aliased to root.
The "EXPN" command can be used by attackers to learn about valid usernames on
the target system. On some SMTP servers, EXPN can be used to show the subscribers
of a mailing list -- subscription lists are generally considered to be sensitive
The "EXPN" command can be useful when debugging mailing lists setup, but it should
be disabled on production servers.