I don't want let spammers take control of my mail server, I have configured my mail server but I am not sure how do I test my mail server for open relay? But what is an open mail realy?
An open mail relay occurs when a mail server processes a mail message where neither the sender nor the recipient is a local user. In this example, both the sender and the recipient are outside the local domain (or rather, the local IP range, for the technically inclined). The mail server is an entirely unrelated third party to this transaction. The message really has no business passing through this server.
I can check my server for open relay using any one of the following methods.
The old way (open relay server test)
Telnet to mail.myserver.com at port 25 and issue all the following commands:
helo client.server.com
mail from: rockyjr@vsnl.com
rcpt to: vivek@nixcraft.in
$ telnet mail.myserver.com 25Output:
Trying 202.51.x.xxx... Connected to mail.myserver.com. Escape character is '^]'. 220 mail.myserver.com ESMTP Postfix helo client.server.com 250 mail.myserver.com mail from: rockyjr@vsnl.com 250 Ok rcpt to: vivek@nixcraft.in 554 : Relay access denied
As you see access denied to send email i.e. my mail server is NOT open relay.
The new way
Another and the best way is to use this website to test an open relay.
See also:
- ORDB FAQ
This is an old post created by LinuxTitli but it was deleted accidentally by me :( I had restored the same from Google cache :)
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 11 comments… read them below or add one }
From your mail server, telnet to
relay-test.mail-abuse.org
It will do an extensive scan of your IP and immediately report the problems
Sean
Sean,
Good finding.
Appreciate your post.
and if one would see “250 Accepted”… how does one stop an open relay
It is depend upon your MTA. For example postfix use following directives:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_unauth_destination,
permit_mynetworks,
reject_unknown_recipient_domain,
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
check_relay_domains,
permit
Sure you need to configure sasl authentication and maintain the list of virtual domains. Let me know your MTA name.
Good information, now i know how to find out if it is open
thanks a lot
yes,i agree with,i don’t want get spam email too.great it’s useful for me.
hi i m trying to build an email site….but i get a rejected mail message when i send mails to rediff and yahoo. but i succesffully sent mails to gmail server and cooltoad server(cooltoad.com).
Please can you tell me what could be the reason??
check your IP here
http://cbl.abuseat.org/lookup.cgi
if your ip is listed here then it will be rejected by yahoo.
Sean, I tried to telnet relay-test.mail-abuse.org, but I did not see any automated results.
I performed the instruction set for open relay test and got access denied.
What should I get in response fro relay-test.mail-abuse.org?
Hi,
Do you want to know how to make qmail mail server become close relay?
Because i think qmail is open relay so i often email from the spammers.
I have configured tcp.smtp file like this:
127.:allow,RELAYCLIENT=”"
but i still receive spam.
And when i follow your instruction the result is still open relay.
Thank you for your answer.
Hi,
use following
127.:allow,RELAYCLIENT=””
.:deny
and run
qmailctl cdb
Regards,
Amit