Friday, October 26, 2007

Mail Relaying

What is Relaying?

Relaying is when someone outside your organization uses your SMTP server to send mail out over the Internet. An “open” relay is a big problem because it will be used by spammers to send their mail.

The main problem with spammers using your server to send e-mail out over the Internet is that your server’s information will be in the headers of the messages, and the recipients of those messages will track you down. If you are being used as a relay, chances are you will be contacted by someone complaining, and ultimately you will be “blacklisted” for sending spam. That means your server is added to a list of servers that have been found to be “open” relays, and many companies block messages from servers on the “blacklist”. So when you try to send legitimate e-mail, chances are it will be returned. Once your server has been placed on a “blacklist” it is very hard to be taken off, and this could cost your organization a lot of money in lost revenue and damage your credibility.

How to test for Mail Relaying?

How can you check your SMTP server for relaying? Simple: all you have to do is use a computer outside of your organization and type the commands shown later in this section into a command shell.

To make the process clear, the examples below use these names: mail.example.com is the mail server you are checking, sender@example.com is a valid e-mail account at mail.example.com (or a fake e-mail address; you can try both), and youremail@outsideaddress.com is the e-mail account you want the message to go to.

The following steps send mail through a mail server that is vulnerable to mail relaying.

Steps:

  1. TELNET mail.example.com 25
  2. EHLO mail.example
  3. MAIL FROM:<sender@example.com>
  4. RCPT TO:<youremail@outsideaddress.com>
  5. DATA

     From:sender@example.com
     To:youremail@outsideaddress.com
     Subject: Relay test

     This is a relay test and only a test.

     (Type . or [enter].[enter] to end data)

  6. QUIT

Here is a detailed example of a mail relay session against an SMTP server that supports pipelining. The commands you type and the server's responses are shown below.


| You type this text | Server should respond with this |
|---|---|
| TELNET mail.example.com 25 | Trying 10.10.10.1. |
| | Connected to mail.example.com. |
| | Escape character is '^]'. |
| | 220 ESMTP ESMTP |
| EHLO 10.10.10.1 | 250-mail.example.com |
| | 250-PIPELINING |
| | 250-SIZE 9999360 |
| | 250-VRFY |
| | 250-ENHANCEDSTATUSCODES |
| | 250-8BITMIME |
| | 250 DSN |
| MAIL FROM:<> | 250 2.1.0 OK |
| RCPT TO:<youremail@outsideaddress.com> | 250 2.1.5 OK |
| DATA | 354 End data with <CR><LF>.<CR><LF> |
| From:sender@example.com | |
| To:youremail@outsideaddress.com | |
| Subject: Relay test | |
| This is a relay test and only a test. | |
| (type . or [enter].[enter] to end data) | 250 2.0.0 OK: Queued as T22122A5 |
| QUIT | 221 2.0.0 bye |
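The check described above, as an added example that is not part of the original post: a Python function that reads a captured relay-test session and reports whether the server accepted mail for an outside recipient. The `C:`/`S:` line prefixes, the function names and the sample transcripts (including the 554 refusal text) are assumptions constructed for illustration.

```python
import re

# Constructed sample session; "C:" = what you type, "S:" = server reply (assumed layout).
OPEN_RELAY = """\
S: 220 ESMTP ESMTP
C: EHLO 10.10.10.1
S: 250-mail.example.com
S: 250-PIPELINING
S: 250 DSN
C: MAIL FROM:<>
S: 250 2.1.0 OK
C: RCPT TO:<youremail@outsideaddress.com>
S: 250 2.1.5 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: .
S: 250 2.0.0 OK: Queued as T22122A5
"""
# Same session against a server that refuses the outside recipient (constructed reply text).
CLOSED = OPEN_RELAY.replace("250 2.1.5 OK", "554 5.7.1 Relay access denied").split("C: DATA")[0]

def parse(transcript):
    """Yield (command, final_reply_code); 'NNN-' continuation lines are skipped."""
    command = "<banner>"
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            command = text.strip()
        elif side == "S":
            m = re.match(r"(\d{3})([ -]|$)", text)
            if m and m.group(2) != "-":      # last line of a multi-line reply
                yield command, int(m.group(1))

def relay_verdict(transcript, local_domains):
    """Return 'open relay', 'relay refused' or 'inconclusive' for one test session."""
    accepted_external, verdict = False, "inconclusive"
    for command, code in parse(transcript):
        m = re.match(r"RCPT TO:\s*<[^>]*@([^>]+)>", command, re.I)
        if m and m.group(1).lower() not in local_domains:
            if 200 <= code < 300:
                accepted_external = True     # recipient outside our domains was accepted
            elif code >= 500:
                verdict = "relay refused"
        elif command == "." and accepted_external:
            if 200 <= code < 300:
                verdict = "open relay"       # message for an outside recipient was queued
            elif code >= 500:
                verdict = "relay refused"
    return verdict
```

A 250 after the final dot only shows that the message was queued; the result is confirmed when the test message arrives at the outside mailbox.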


Preventing message relaying with MS Exchange

Before you start, check which version you are running: you must be running Microsoft Exchange Server 5.5 or greater. Then follow these 7 steps.

  1. Go to the Internet Mail Service Properties dialog box in Microsoft Exchange.
  2. Select the Routing tab at the top.
  3. Select the option reroute incoming SMTP mail (required for POP3/IMAP4 support).
  4. Reroute incoming SMTP mail.
  5. For each domain you host, you need an entry in the Routing section.
  6. Click the Routing Restrictions button.
  7. Make sure Hosts and clients with these IP addresses are checked. Leave the list of IP addresses blank.

For further information you can check some of the reference websites below.

1. http://www.msexchange.org/pages/article.asp?id=54

2. http://www.slipstick.com/exs/relay.htm#basics

3. http://www.auditmypc.com/freescan/readingroom/relay.asp

4. http://support.microsoft.com/?kbid=304897
