This site is now 100% read-only, and retired.

Is your mail server an open relay?

Posted by Steve on Mon 8 Nov 2004 at 09:41

Open relays allow people to use your mail server to deliver spam and mail to people whilst using your resources.

None of the mail servers which are part of the Debian operating system are setup insecurely by default, but if you are new to setting up a mail server you should be cautious that you do not open your server accidently.

One very simple way of testing it is to fire off an automated test.

From your mail server run:

telnet relay-test.mail-abuse.org

This will attempt to connect back to your machine and run a series of mail relaying tests against it.

The success or failure will be printed at the end of the run.

If you are inadvertantly running as a relay consult your mail server documentation for tips on how to prevent it.

 

 


Re: Is your mail server an open relay?
Posted by davee (127.0.xx.xx) on Mon 8 Nov 2004 at 12:49
telnet relay-test.mail-abuse.org 25
Is that supposed to do something? It just sits there for a minute and then times out:
Trying 168.61.4.13...

Connected to Cygnus.Mail-Abuse.ORG.
Escape character is '^]'.
220 cygnus.mail-abuse.org ESMTP Postfix
421 cygnus.mail-abuse.org Error: timeout exceeded
Connection closed by foreign host.
Did you miss out any additional instructions?

[ Parent ]

Re: Is your mail server an open relay?
Posted by Steve (127.0.xx.xx) on Mon 8 Nov 2004 at 12:54
[ View Weblogs ]

D'oh.
I mistyped that by force of habbit, omit the '25' from the telnet command:


steve@skx:~$ telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to Cygnus.Mail-Abuse.ORG.
Escape character is '^]'.
Connecting to 212.13.199.210 ...
<<< 220 skx.vm.bytemark.co.uk ESMTP Exim 3.35 #1 Mon, 08 Nov 2004 12:52:47 +0000
>>> HELO cygnus.mail-abuse.org
<<< 250 skx.vm.bytemark.co.uk Hello cygnus.mail-abuse.org [168.61.4.13]
:Relay test: #Quote test
>>> mail from:
<<< 250 is syntactically correct
>>> rcpt to: <'nobody@mail-abuse.org'>
<<< 501 <'nobody@mail-abuse.org'>: recipient address must contain a domain
>>> rset
<<< 250 Reset OK
:Relay test: #Test 1
...
...
...
System appeared to reject relay attempts
Connection closed by foreign host.


I'll edit the article to fix it.

-- Steve.org.uk

[ Parent ]

Re: Is your mail server an open relay?
Posted by Anonymous (216.220.xx.xx) on Wed 2 Mar 2005 at 18:12
It is also possible to do this straight from the abuse.net website, if that is easier when the need arises. See: http://www.abuse.net/relay.html

[ Parent ]

Re: Is your mail server an open relay?
Posted by Anonymous (68.74.xx.xx) on Wed 7 Mar 2007 at 17:35
Thanks! I was wondering whether or not I had my server set up correctly (which I did).

[ Parent ]

Re: Is your mail server an open relay?
Posted by Anonymous (67.131.xx.xx) on Mon 24 Sep 2007 at 21:14
The telnet server just times out for me.

I found another one that worked.

telnet rt.njabl.org 2500

[ Parent ]