Table of Contents

Ubuntu - Email - Test Open Relay

An outside individual who uses your mail server to deliver email using a false email address is considered relaying mail via your server. A mail server that allows relaying is usually considered to be setup incorrectly and is frequently abused by spammers. These spammers find and use unsecured mail servers to send out unsolicited commercial email.

Tracking down a spammer who uses mail servers open to relaying is difficult. This is because the email appears to be coming from your server, rather than from the original sender. Such spam being delivered by your mail server can give your company a bad reputation.


Email Relay Test

How do you check your server for relaying? Easy, just use a computer outside of your organization and type the commands included in the tables below – you’ll want to do this from a command prompt.

In the following examples, mail.example.com is the mail server you are checking, sender@example.com is a valid email account at mail.example.com (or a fake email address – try both), and youremail@outsideaddress.com is the email account you want this message to go to.


An example of a mail server that does NOT allow relaying

You type this text:

telnet mail.example.com 25

The server should respond with:

Trying 10.10.10.1.
Connected to mail.example.com.
 
Escape character is ‘^]’.
220 mail.example.com

You should type:

HELO mail.example

The server should respond with:

250 OK

You should enter:

MAIL FROM:<sender@example.com>

The server should respond with:

250 OK – Mail from <sender@example.com>

You should enter:

RCPT TO:<youremail@outsideaddress.com>

The server should respond with:

550 Relaying is prohibited

You should enter:

QUIT

The server should reply with:

221 Closing connect, good bye

An example of a mail server that DOES allow relaying

You type this text:

telnet mail.example.com 25

Server should respond with:

Trying 10.10.10.1.
Connected to mail.example.com.
Escape character is ‘^]’.
220 mail.example.com

You should enter:

HELO mail.example

The server should respond with:

250 OK

You should enter:

MAIL FROM:<sender@example.com>

The server should respond with:

250 OK – Mail from <sender@example.com>

You should enter:

RCPT TO:<youremail@outsideaddress.com>

The server should respond with:

250 OK

You should enter:

DATA

The server should respond with:

354 End data with <CR><LF><CR><LF>

You should enter:

From: sender@example.com
To: youremail@outsideaddress.com
 
Subject: Relay test
 
This is a relay test and only a test.
(type  <CR><LF>.<CR><LF> or [enter].[enter] to end data)

The server should respond:

250 OK: Queued as T22122A5

You should enter:

QUIT

The server should respond:

221 Closing connect, good bye

Preventing message relaying with MS Exchange

Before you start, check which version you are running – you must be running Microsoft Exchange Server 5.5 or greater, then follow these 7 steps.

  1. Go to the Internet Mail Service Properties dialog box in Microsoft Exchange
  2. Select the Routing tab at the top.
  3. Select the option Reroute incoming SMTP mail (required for POP3/IMAP4 support).
  4. Reroute incoming SMTP mail.
  5. For each domain you host, you need an entry in the Routing section.
  6. Click the Routing Restrictions button.
  7. Make sure Hosts and clients with these IP addresses is checked. Leave the list of IP addresses blank.

Manually testing all relay types

You can use the steps outlined above but substitute the “from:” and “to:” below to more thoroughly check your server for different types of relay. If any of these tests do not give an error than your server is likely open for that type of relay.

Standard relay

mail from: nobody@third-party.bar rcpt to: nobody@third-party.bar

Sender domain is long

mail from: test@maps1.pa.vix.com rcpt to: nobody@third-party.bar

Sender’s domain is localhost

mail from: <test@localhost> rcpt to: nobody@third-party.bar

Sender address without domain (a local user)

mail from: <test>

Sender address is null (like from Mailer-Daemon)

mail from: <> rcpt to: nobody@third-party.bar

Sender address uses local hostname

mail from: test@your.local.foo rcpt to: nobody@third-party.bar

Sender address using literal domain address (of local host)

mail from: <test@[1.1.1.1]> rcpt to: nobody@third-party.bar

Sender address uses local hostname and recipient uses percent hack

mail from: test@your.local.foo rcpt to: nobody%third-party.bar@your.local.foo

Sender address uses local hostname and recipient uses percent hack with domain literal

mail from: test@your.local.foo rcpt to: <nobody%third-party.bar@[1.1.1.1]>

Quoted

mail from: test@your.local.foo rcpt to: <”nobody@third-party.bar”>

Quoted string and percent hack

mail from: test@your.local.foo rcpt to: <”nobody%third-party.bar”>

Quoted string and percent hack and domain literal “x@y”[IP] arbitrary non-local, source-routed destinations

RCPT TO:<test@some.other.site@some.site>

Sender uses IP rather than FQDN

mail from: <test@[1.1.1.1]> rcpt to: <nobody@third-party.bar@your.local.foo>

Recipient uses IP rather than FQDN

mail from: test@your.local.foo rcpt to: <”nobody@third-party.bar”@[1.1.1.1]>

Recipient uses both FQDN and IP

mail from: test@your.local.foo rcpt to: <nobody@third-party.bar@[1.1.1.1]>

Sender uses domain literal and recipient uses source routing

mail from: <test@[1.1.1.1]> rcpt to: <@your.local.foo:nobody@third-party.bar>

Sender uses local domain and recipient uses source routing with a domain literal

mail from: test@your.local.foo rcpt to: <@[1.1.1.1]:nobody@third-party.bar>

Recipient address uses UUCP-like destination (“bang path”)

mail from: <test@[1.1.1.1]> rcpt to: <third-party.bar!nobody>

Reciepient uses UUCP-like destination and IP

mail from: test@your.local.foo rcpt to: <third-party.bar!nobody@[1.1.1.1]>

Sender is a known local user from local host; and some mail servers are configured to always allow mail from “postmaster”

mail from: postmaster@your.local.foo rcpt to: nobody@third-party.bar