Hetzner - DokuWiki
Mailserver Relaytest/en
Mailserver: What is an Open Relay?
An open relay is a mail server which forwards emails even though neither the sender nor the recipient is hosted by it. Example: The mail server "mail.bigcompany.com" is meant to process emails for the domain "bigcompany.com".
What should be permitted:
- Mails to e.g. "info@bigcompany.com"
- Mails from e.g. "info@bigcompany.com"
but not:
- Mails from "buyme@werbefritze-xyz.com" to "user@somewhere-else.com"
- Mails with bogus sender addresses from the domain "bigcompany.com", which are sent via this server
Such misconfigured mail servers are usually found by automated scans within a few minutes of going online and are then used by spammers to send mass mailings.
Apart from the annoyance these advertising messages cause the recipient, extreme costs can be incurred by open relay operators as a result of the traffic generated. Furthermore, the open relay is quickly listed in so-called blacklists, causing normal emails from the server to no longer be accepted by many recipients.
How Can I Prevent My Mail Server from Being an Open Relay?
All mail server software has control mechanisms which prevent the unauthorised dispatch of emails.
Basically:
- Only allow email dispatch without authentication, if at all, from in-house IP addresses
- Enforce authentication techniques such as SMTPAuth (if need be also POP-before-SMTP) for dispatching emails
- Only permit the acceptance of emails without authentication for your own domains
Example for Postfix
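With these configuration entries, Postfix will only permit dispatch of mail by clients that have authenticated via SMTP AUTH (or that connect from mynetworks).
```
#### Use SMTP AUTH
smtpd_sasl_auth_enable = yes
# Note: pwcheck_method is a Cyrus SASL setting; it is read from SASL's own
# smtpd.conf (as "pwcheck_method: saslauthd"), not from Postfix's main.cf
pwcheck_method = saslauthd
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# only for Outlook clients
broken_sasl_auth_clients = yes
#### END SMTP AUTH enable
```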
Thanks to stephanw from the forum.
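To see how the three restrictions in the Postfix example decide the cases listed at the top of this page, the following added example evaluates them in order, first match wins. It is a simplified model written for this page, not Postfix code and not part of the original wiki; the network range, the client addresses and the single set standing in for Postfix's destination lookups are assumptions.

```python
import ipaddress

# Constructed values: the domain comes from the page's example; the
# network range and client addresses are documentation ranges.
OWN_DOMAINS = {"bigcompany.com"}
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
RESTRICTIONS = ["permit_sasl_authenticated", "permit_mynetworks",
                "reject_unauth_destination"]

def check(name, client_ip, authenticated, rcpt):
    """Return 'permit', 'reject' or None (no opinion) for one restriction."""
    if name == "permit_sasl_authenticated":
        return "permit" if authenticated else None
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(client_ip)
        return "permit" if any(ip in net for net in MYNETWORKS) else None
    if name == "reject_unauth_destination":
        domain = rcpt.rsplit("@", 1)[-1].lower()
        return None if domain in OWN_DOMAINS else "reject"
    raise ValueError(f"restriction not modelled: {name}")

def rcpt_decision(client_ip, authenticated, sender, rcpt):
    """First restriction with an opinion wins; none at all means permit.

    `sender` is accepted but never read: none of the three restrictions
    looks at the MAIL FROM address, so a forged sender changes nothing.
    """
    for name in RESTRICTIONS:
        verdict = check(name, client_ip, authenticated, rcpt)
        if verdict:
            return verdict, name
    return "permit", "end of list"

CASES = {  # constructed sessions matching the page's bullet points
    "inbound to own domain": ("203.0.113.7", False, "a@somewhere-else.com", "info@bigcompany.com"),
    "authenticated user sending out": ("203.0.113.7", True, "info@bigcompany.com", "user@somewhere-else.com"),
    "third-party relay attempt": ("203.0.113.7", False, "buyme@werbefritze-xyz.com", "user@somewhere-else.com"),
    "forged bigcompany.com sender": ("203.0.113.7", False, "info@bigcompany.com", "user@somewhere-else.com"),
    "in-house host, no auth": ("192.0.2.10", False, "info@bigcompany.com", "user@somewhere-else.com"),
}

if __name__ == "__main__":
    for label, session in CASES.items():
        print(f"{label:32} -> {rcpt_decision(*session)}")
```

The "in-house host" case shows why mynetworks must stay narrow: every address inside it may relay without authentication.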
Manual Relay Test per Telnet
```
telnet mail.meinedomain.de 25
```
You should receive a greeting such as:
```
220 cygnus.mail-abuse.org ESMTP Postfix
```
Now send "HELO domain.tld", followed by MAIL FROM, RCPT TO, ...
e.g.:
```
--> HELO xyz.xx
<-- 250 cygnus.mail-abuse.org
--> MAIL FROM: xx@xyz.xx
<-- 250 Ok
--> RCPT TO:<xx@xyz.xx>    (Enter a valid email address here.)
<-- 554 <xx@xyz.xx>: Relay access denied
```
Collection of Links
Relay Tests per Web Browser
http://www.mailradar.com/openrelay/
Uses various standard methods to test if the server is an open relay.
Blacklist Check
http://www.dnsstuff.com/ (there: "Spam database lookup")
Here a great many DNS blacklists are queried, which gives you a good idea of whether your own or another mail server is listed elsewhere.