Solved

Open Relay Test

Posted on 2003-11-06
8
10,929 Views
Last Modified: 2012-08-14
I had a recent problem with my exchange 2000 server being an open relay. So I ran the abuse.net test on it after I thought it was secure. Here is what test 8 said:

Relay test 8
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[65.115.170.246]>
<<< 250 2.1.0 spamtest@[65.115.170.246]....Sender OK
>>> RCPT TO:<"thermite@comcast.net">
<<< 250 2.1.5 "thermite@comcast.net"@ccc-soft.com
>>> DATA
<<< 354 Start mail input; end with <CRLF>.<CRLF>
>>> (message body)
<<< 250 2.6.0  <rlytest-1068146641-14045@abuse.net> Queued mail for delivery

Does this mean its still open? There is only 50 or so items listed in the SMTP que compared to 1300 when the problem was occuring. Did I not configure something correctly? I have looked at the microsoft articles about this issue and everything looks to be setup properly. Is there something else I should check? Some kind of virus that could exploit this on the server.

Thanks,

-Glen
0
Comment
Question by:Coastalcomputer
8 Comments
 
LVL 8

Accepted Solution

by:
JasonBigham earned 500 total points
ID: 9696621
Here is what i expect to get when trying 65.115.170.246. The 'unable to relay' is what you want to see. I x'd out my IP.

220 dc.esconline.cc Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready a
t  Thu, 6 Nov 2003 15:22:53 -0500
250 dc.esconline.cc Hello [x.xx.xxx.xx]
250 2.1.0 test@test.com....Sender OK
550 5.7.1 Unable to relay for test@test.com

0
 

Author Comment

by:Coastalcomputer
ID: 9696632
So you think it is fine now?
0
 
LVL 8

Expert Comment

by:JasonBigham
ID: 9697117
i don't know about the abuse.net test, but try it yourself.

start run
telnet yourip 25
helo
mail from:test@test.com
rcpt to:test@test.com

Should reject you... if so, you are good. This is assuming that your workstation IP was not added to the authorized relay list.
0
 
LVL 55

Expert Comment

by:andyalder
ID: 9701083
Exchange server fails abuse.net test 8, if it passes most of the others don't worry about it, http://support.microsoft.com/default.aspx?scid=kb;en-us;304897 applies.
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 5

Expert Comment

by:vtobusman
ID: 9703442
there is also a fre program called sam spade that will test this for you its free to download from
http://samspade.org
it also check dns and other services to make sure they are working correctly...

  Good Luck
0
 
LVL 9

Expert Comment

by:drev001
ID: 9718164
If you register an account at abuse.net you can run the test in registered mode. This way, the server is only a relay if it delivers the mail. There are a couple of tests exchange servers always fail, they're intended to test older unix servers. The document Andyalder posted explains it better.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 9728213
Email servers can be set up to accept mail from anyone, for delivery to a specific domain (yours ) only. That appears to be the case you have described. Look at this:

250 2.1.5 "thermite@comcast.net"@ccc-soft.com

It is accepting the email, and making sure that it appends the @ccc-soft.com which I presume is your domain.

If someone tries to use your system for spamming, then it will fail as the email address being sent to will be invalid, and the email will get binned after 8 hours or so. However, this may constitute a denial of service problem as if someone thinks that they can use your server to relay, then they may send 100s of 1000s of emails to your server for delivery as they cannot see that the emails are failed to be delivered. This will use your bandwidth, and if you get an error message for each failed delivery to your sysadmin, then you'll get fed up pretty quickly!

HTH:)
0
 

Expert Comment

by:knye123
ID: 11049460
pjedmond, I believe what you just described is exactly what is happening to me.  I have verified that I am not relaying, but I get thousands of emails trying.  I believe it uses my bandwidth and slows my server.  My email virus scanning program also scans everyone.  What can be done to stop what you have suggested?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, we will have a look on how to install Exchange Server 2013 from command prompt, instead of using the graphical user interface. Below are the steps that are to be performed to install Exchange Server 2013. 1. Domain Controller and…
I tend toward trying the newest hardware and software.  Thiss sometimes works out to my benefit, and sometimes not.  Because I downloaded and installed Android 5.x (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.htm…
The purpose of this video is to demonstrate how to set up Lists in Mailchimp. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchimp account. : Click on Lists. Click on Create List Button : Choose the desi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now