DeskNow Knowledge Base
 
      

I suspect my server is being used as open relay. How can I check?

First of all, it is important to understand what an open relay is.

'Relay' is the operation in which a mail server receives a mail message, finds out that the message is directed to a recipient which is not a local account (i.e. it is not a mail account on the server itself) and then 'relays' or forwards it to another mail server, which is typically the mail server that handles email for the recipient's domain.

Example: the user sally@domain.com uses a mail client to send an email to john@otherdomain.com. Her mail client is set to use desknow.domain.com as her outgoing mail server.

The desknow.domain.com mail server receives the message from Sally's mail client and finds that the recipient is an address in the domain otherdomain.com. The mail server verifies that otherdomain.com is not one of its domains or virtual domains, and so realizes that the message must be relayed. It then looks up the MX record for the domain otherdomain.com, finds the address of the mail server for that domain, and sends (relays) the message to it.

To prevent abuse, all mail servers restrict who can use the relay functionality. DeskNow allows relaying only in two cases:

  • the sending mail client (Sally's mail client in this example) has authenticated with Sally's username and password.
  • the sending mail client is connecting from one of the IP addresses that the administrator has configured as authorized to relay.

In any other case, DeskNow denies the relay operation.

An 'open relay' is a server that does not perform any of the above checks, and allows anyone, connecting from any IP address, and without using authentication, to relay mail.

There are no known open relay vulnerabilities in DeskNow. If DeskNow sends out mail, it is because either the sender has authenticated using a valid username/password, or because it connected from an IP address that was authorized to relay.

It is possible, however, that you have authorized relay from all the IP addresses in your LAN, and one of the computers in the LAN has been infected by a worm. In that case, since the worm connects from an authorized IP address, it would be able to relay. But that does not mean that your mail server is an open relay. It simply means that it is doing what it has been told to do.

If you suspect someone (a person, or a worm) is abusing your mail server as a relay, simply look at the log.SMTPIn log file. It tracks the IP address of the sender of every incoming message - if you see a lot of messages from the same IP, addressed to recipients that are unknown to you, it is possible that there is a mail worm running on the PC at that IP address.
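The following script is an added example, not DeskNow code, that automates this log review: it counts, per client IP, the messages relayed to non-local domains without a login, which is the pattern an infected host on an authorized IP produces. The `ip=`/`auth=`/`from=`/`to=` line layout, the sample lines, the thresholds and the function names are assumptions, because the real log.SMTPIn format is not shown here; adapt the regular expression to your log.

```python
import re
from collections import defaultdict

# Hypothetical line layout (an assumption, not DeskNow's real log.SMTPIn format).
LINE_RE = re.compile(
    r"ip=(?P<ip>\S+) auth=(?P<auth>\S+) from=(?P<sender>\S+) to=(?P<rcpt>\S+)")

def build_sample():
    """Constructed log: one normal user, one LAN host relaying in bulk."""
    lines = ["2006-03-03 10:00:01 ip=192.168.1.20 auth=sally "
             "from=sally@domain.com to=john@otherdomain.com",
             "2006-03-03 10:00:05 ip=192.168.1.20 auth=sally "
             "from=sally@domain.com to=bob@domain.com"]
    for i in range(6):
        lines.append(f"2006-03-03 10:01:{i:02d} ip=192.168.1.77 auth=- "
                     f"from=x{i}@domain.com to=user{i}@example{i}.test")
    return "\n".join(lines)

def relay_suspects(log_text, local_domains, min_relayed=5, min_domains=3):
    """Map each suspicious client IP to (relayed messages, recipient domains).

    Only messages to non-local domains from unauthenticated clients count:
    those were relayed purely because the IP is on the authorized list.
    """
    relayed = defaultdict(int)
    domains = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a message line
        rcpt_domain = m["rcpt"].rpartition("@")[2].lower()
        if rcpt_domain in local_domains or m["auth"] != "-":
            continue  # local delivery, or relay backed by a login
        relayed[m["ip"]] += 1
        domains[m["ip"]].add(rcpt_domain)
    return {ip: (n, len(domains[ip])) for ip, n in relayed.items()
            if n >= min_relayed and len(domains[ip]) >= min_domains}

if __name__ == "__main__":
    for ip, (n, d) in relay_suspects(build_sample(), {"domain.com"}).items():
        print(f"{ip}: {n} unauthenticated relayed messages to {d} domains")
```

An IP that appears in the result is a candidate for removal from the authorized-relay list until the machine behind it has been checked.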

For a general test for open relay, you can test your server using a public service like http://www.abuse.net/relay.html
