Topic: Unauthorised email relays

[Jay]

Hi,

When I send an outlook IMAP mail from an external network I recieve the message

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was xx@xx. Subject 'Re: update', Account: 'xxx.net', Server: 'xxx.net', Protocol: SMTP, Server Response: '551 Sorry xxx.xxxxx.com(1.1.1.1), I don't allow unauthorized relaying. Please use another SMTP host to mail from to ', Port: 25, Secure(SSL): No, Server Error: 551, Error Number: 0x800CCC79

Is there a way to enable email relaying and what are the risks...or have I mis-configured something ?

Thanks
Jay

[Terry Brummell]

I don't know if it's possible or not, but I know it's not recommended.  Relay mail server's are what spammers look for so they can send thier bulk mail out and make it look like it came from your server.  It's a very bad idea to allow relaying.

Terry

Jay wrote:
>
> Hi,
>
> When I send an outlook IMAP mail from an external network I
> recieve the message
>
> The message could not be sent because one of the recipients
> was rejected by the server. The rejected e-mail address was
> xx@xx. Subject 'Re: update', Account: 'xxx.net', Server:
> 'xxx.net', Protocol: SMTP, Server Response: '551 Sorry
> xxx.xxxxx.com(1.1.1.1), I don't allow unauthorized relaying.
> Please use another SMTP host to mail from to
> ', Port: 25, Secure(SSL):
> No, Server Error: 551, Error Number: 0x800CCC79
>
> Is there a way to enable email relaying and what are the
> risks...or have I mis-configured something ?
>
> Thanks
> Jay

[Bill Talcott]

Does the external network that you're trying to send mail from have internet access via a separate ISP? Or are you connecting directly to the e-smith?

There is no user verification on SMTP (the protocol for sending mail), so if you open it to external networks, ANYONE can send mail from your server. This is an "open relay", and there are organizations that keep databases of these since they're spammer magnets. With a bit of software, mail servers can be set to check these databases and block ALL email coming from known open SMTP servers. While you yourself might not do anything bad with it, you're just asking for someone to abuse your system.

If the external network is connecting through another ISP, just use the ISP's mail server to send mail. Like the e-smith, your ISP probably limits sending mail to only those clients logged on to the ISP (i.e. verified users on its own network).

If you still really need to open your SMTP server up for external access, there are ways to allow access only after the user has logged in and downloaded their mail (again proving that they're a valid user). However, it's not going to be a simple checkbox option somewhere. You'll have to install and possibly modify mail stuff to make it work.

[Jay]

Thank you both for the excellent information.

What I want to do is access IMAP using an IPAQ through the internet. They will be using an ISP to do this and obviosly, reading mails is not a problem, but sending is.

However, I will probably look at getting the IPAQ's to VPN across the firewall and back into the e-smith from the inside, therefore allowing correct SMTP access to the server.

Thanks again
Jay

[DC]

You could do it w/o the vpn. You would have to use this external network's email server as your outgoing smtp server and your company's email server as incoming smtp server.

[Ryan]

I have a similar problem.  I want to use one of my work SME servers a backup MX for my personal domain (SME).  I followed Charlie Brady's instructions to place the domain name in the rcpthosts control file, yet when I down my server and send an email to my domain through a dial up and yahoo smtp server, it comes back with a message from the backup MX server stating I will have to find a different SMTP server to do the relay.  So my DNS MX records are working correctly, just have to convince the work SME server to accept the emails as described by Charlie Brady.  Anyone please assist.

Thanks in advance,

Ryan

[Jay]

Can anyone help me close my system to mail relaying. I've been blacklisted with one service. I am running stock SME Server 5.0

[Dan Brown]

Jay, if you're running stock SME 5.0, your system is _not_ an open relay.

[Jay]

Good to know. Then how could I have be blacklisted with one org?

P.S. I love this product!Dan Brown wrote:
>
> Jay, if you're running stock SME 5.0, your system is _not_ an
> open relay.

[Dan Brown]

I'd ask the maintainers of that blacklist, and ask them specifically what testing they did to determine that you were a relay.  Note that some blacklists base on things like whether you're using a dial-up IP.