I don't want let spammers take control of my mail server, I have configured my mail server but I am not sure how do I test my mail server for open relay? But what is an open mail realy?
An open mail relay occurs when a mail server processes a mail message where neither the sender nor the recipient is a local user. In this example, both the sender and the recipient are outside the local domain (or rather, the local IP range, for the technically inclined). The mail server is an entirely unrelated third party to this transaction. The message really has no business passing through this server.
I can check my server for open relay using any one of the following methods.
The old way (open relay server test)
Telnet to mail.myserver.com at port 25 and issue all the following commands:
helo client.server.com
mail from: rockyjr@vsnl.com
rcpt to: vivek@nixcraft.in
$ telnet mail.myserver.com 25Output:
Trying 202.51.x.xxx... Connected to mail.myserver.com. Escape character is '^]'. 220 mail.myserver.com ESMTP Postfix helo client.server.com 250 mail.myserver.com mail from: rockyjr@vsnl.com 250 Ok rcpt to: vivek@nixcraft.in 554 : Relay access denied
As you see access denied to send email i.e. my mail server is NOT open relay.
The new way
Another and the best way is to use this website to test an open relay.
See also:
- ORDB FAQ
This is an old post created by LinuxTitli but it was deleted accidentally by me :( I had restored the same from Google cache :)
- Email this to a friend
- Printable version
- Rss Feed
- Last Updated: Oct/27/2006
{ 8 comments… read them below or add one }
From your mail server, telnet to
relay-test.mail-abuse.org
It will do an extensive scan of your IP and immediately report the problems
Sean
Sean,
Good finding.
Appreciate your post.
and if one would see “250 Accepted”… how does one stop an open relay
It is depend upon your MTA. For example postfix use following directives:
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_unauth_destination,
permit_mynetworks,
reject_unknown_recipient_domain,
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
check_relay_domains,
permit
Sure you need to configure sasl authentication and maintain the list of virtual domains. Let me know your MTA name.
Good information, now i know how to find out if it is open
thanks a lot
yes,i agree with,i don’t want get spam email too.great it’s useful for me.
hi i m trying to build an email site….but i get a rejected mail message when i send mails to rediff and yahoo. but i succesffully sent mails to gmail server and cooltoad server(cooltoad.com).
Please can you tell me what could be the reason??
check your IP here
http://cbl.abuseat.org/lookup.cgi
if your ip is listed here then it will be rejected by yahoo.