Topic: Mail Relaying test

[Dan Williams]

Hi,
I stumbled accross a site that says the following is a quick check to see if your server allows relaying. Itried it on two of my systems, and my results showed rcpt ok, instead of an deny.
Wondered if some of the more advanced people here could comment on this?
Thanks,
Dan

Simplified open relay test of Mail.Suspect.com:
root# telnet Mail.Suspect.com 25
mail from: root@YourCurrentDomain.com
You should get "Sender OK"

rcpt to: somebody@TheirDomain.com
You should get "Relaying Denied"

quit

[steve]

Well,

SME/e-smith rejects relaying by default. The developers made it that way.

Now, I have used several Relay-Checking  services on the Internet that said I was relaying, also many that said I was not relaying.

So, I went on the basic fact that relaying is disabled out of the box and I didn't do any custom hacks to allow it.

Steve Lewis

[nate]

It depends on how the test works.  What you can do is use another computer connected to the internet from outside your location.  Get into the email client and change the outgoing server to your server name, leaving the rest of the setting what they were.  Try to send a message and see what happens.  Or post your domain and I'll try it (the latest version of horde/imp has a 'network' module that will do a relay check).

[Dan Williams]

Hi Nate,
Yes, I tried that  (set my outgoing mail server to another server, outside the network) and it could not find that server.
So I guess from that perspective, it does not relay mail.
Dan

[nate]

It should be able to find the server.  For example willcraft.com :
Results for Mailserver willcraft.com:


220 nebula7653.willcraft.com mailfront ESMTP
HELO mail.example.com
250 nebula7653.willcraft.com
MAIL FROM:
250 Sender accepted.
RCPT TO:
553 Sorry, that domain isn't in my list of allowed rcpthosts.
QUIT
221 Good bye.

Result:
553 Sorry, that domain isn't in my list of allowed rcpthosts.

[Bill Talcott]

Dan Williams wrote:
>
> Hi Nate,
> Yes, I tried that  (set my outgoing mail server to another
> server, outside the network) and it could not find that server.
> So I guess from that perspective, it does not relay mail.
> Dan

Like Nate said, you should be able to find the server. If you're not on that server's network, you might (should) get the same error, saying that they don't allow relaying though.

Basically, a mail server should only let email be sent to or from its own addresses. It checks incoming mail against its userlist to verify mail coming to it. Outgoing mail is restricted to its own users by only allowing mail from the local network.

In other words, joe@aol.com can't use mail.my_sme_domain.com to send mail to bob@compuserve.com. This is because neither Joe nor Bob is a legitimate user of the SME. Joe should be using his mail.aol.com or whatever as his mail server, not yours.

Because of this, our remote office (using a separate ISP) couldn't send mail via our SME. The connections were coming from an outside network (their_isp.net) and were refused. Nathan Fowler's pop-before-smtp adds the IP addresses of POP/IMAP connections to the list of authorized users, so after checking their mail the remote users were temporarily granted access to the SMTP server. It's not 100% secure, but it allows virtually unrestricted access to valid users while blocking access to virtually all who shouldn't have it.