Is my smtp server an open relay or not?

Discussion in 'OT Technology' started by mdaniel, Apr 6, 2006.

  1. mdaniel

    I've been learning MS Exchange 2003 at home and can use it to send and receive mail for an Internet domain name I own. I've run my IP address against a couple of online testers and both show basically the same thing. All attempts at relaying get denied until this one:

    "250 2.1.5 "[email protected]"@mydomain.com"

    But they both say that it's possible that the smtp server is only appearing to accept the mail, but not actually delivering it. How can I tell the difference?

    The test logs are below. "mydomain.com" and www.xxx.yyy.zzz are my substitution for posting it here.

    And before anyone yells at me for having an open relay, I only forwarded port 25 to it for testing for an hour or so. It's all shut down now and will stay that way until I can verify from multiple sources that I'm as secure as possible.

    My SMTP Virtual Server's Access tab, Relay Restrictions are set as follows:

    "Only the list below" is selected and the list of allowed IP addresses/domain names is empty.

    "Allow all computers which successfully authenticate to relay, regardless of the list above" is unchecked.

    Under the Users button, only "submit" is allowed.

    Under Access Control, Authentication button:

    Anonymous Access is checked (needed to accept mail from remote mail systems).

    Integrated Windows Authentication is checked

    ------------


    http://www.abuse.net/cgi-bin/relaytest


    Relay test 8
    >>> RSET
    <<< 250 2.0.0 Resetting
    >>> MAIL FROM:<spamtest@[www.xxx.yyy.zzz]>
    <<< 250 2.1.0 spamtest@[www.xxx.yyy.zzz]....Sender OK
    >>> RCPT TO:<"[email protected]">
    <<< 250 2.1.5 "[email protected]"@mydomain.com

    --------------------

    http://www.mob.net/~ted/tools/relaytester.php3

    :Relay test: #10
    >>> mail from: <[email protected]>
    <<< 250 2.1.0 [email protected]...Sender OK
    >>> rcpt to: <"[email protected]">
    <<< 250 2.1.5 "[email protected]"@mydomain.com
    >>> quit
     
  2. P07r0457

    Try using telnet to port 25 of the mail server and try sending a spam to yourself?
     
  3. mdaniel

    I just ran a few tests in telnet. (domain.com = a valid Internet domain name which Exchange accepts mail for.)

    mail from: [email protected]
    rcpt to: [email protected]
    get correctly delivered to the Exchange mailbox

    mail from: [email protected]
    rcpt to: [email protected]
    550 5.7.1 unable to relay

    mail from: [email protected] OR [email protected]
    rcpt to: <"[email protected]">
    Exchange accepts message and attempts to send to "[email protected]"@domain.com but it gets returned to the "mail from" address

    Is putting the destination address in <" "> a spammer trick trying to fool the smtp server into relaying something it wouldn't otherwise?

    And is being able to telnet into my smtp server normal? Something I should (or could) turn off for security?
     
  4. 5Gen_Prelude

    Yes, you should be able to telnet into any smtp server.

    If your smtp server is set up to deny relaying unless you authenticate - you're good to go.
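
Added example (not part of the thread or of either relay tester): a small Python classifier for relay-test transcripts in the `>>>`/`<<<` format quoted in the first post. It separates an accepted RCPT whose echoed address resolves to a domain the server hosts (the quoted-local-part case, which bounces as described in the third post) from one accepted for a foreign domain. The addresses, `SAMPLE` and the function names are constructed for illustration.

```python
import re

# Constructed transcript; addresses are placeholders, not values from the thread.
SAMPLE = """\
>>> MAIL FROM:<spamtest@example.org>
<<< 250 2.1.0 spamtest@example.org....Sender OK
>>> RCPT TO:<relaytest@example.net>
<<< 550 5.7.1 Unable to relay for relaytest@example.net
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@example.org>
<<< 250 2.1.0 spamtest@example.org....Sender OK
>>> RCPT TO:<"relaytest@example.net">
<<< 250 2.1.5 "relaytest@example.net"@mydomain.com
"""

def effective_domain(addr):
    """Domain the server routes on: the text after the last '@' outside quotes."""
    addr = addr.strip().strip("<>")
    if addr.endswith('"') or "@" not in addr:
        return None  # bare (quoted) local part, no domain supplied
    return addr.rsplit("@", 1)[1].lower()

def classify(transcript, local_domains):
    """Return [(recipient_as_sent, verdict)] for each RCPT TO in the transcript."""
    results, pending = [], None
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith(">>>"):
            m = re.match(r"rcpt to:\s*(.+)", line[3:].strip(), re.I)
            pending = m.group(1) if m else None
        elif line.startswith("<<<") and pending is not None:
            m = re.match(r"(\d{3})(?:\s+\d\.\d+\.\d+)?\s*(.*)", line[3:].strip())
            if not m:
                continue
            code, echoed = m.groups()
            if code[0] != "2":
                verdict = "rejected"
            else:
                # Assumption: with no domain given, the server appends its own.
                domain = effective_domain(echoed) or effective_domain(pending)
                local = domain is None or domain in local_domains
                verdict = "accepted-as-local" if local else "accepted-foreign"
            results.append((pending, verdict))
            pending = None
    return results

if __name__ == "__main__":
    for rcpt, verdict in classify(SAMPLE, {"mydomain.com"}):
        print(f"{verdict:18} {rcpt}")
```

Only an `accepted-foreign` verdict needs the follow-up check of whether the message actually left the server; `accepted-as-local` means the server will attempt local delivery and return a non-delivery report if no such mailbox exists.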
     
