• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 302
  • Last Modified:

Stop positive relay tests on IIS 6 SMTP

We've been having some delivery issues, so I decided to test our gateway server for its reputation and relaying. This server runs IIS 6 SMTP virtual server and Sophos Puremessage. Using the tests at http://www.abuse.net/relay.html, the server passes all until test 8, which returns:

Relay test 8
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:<spamtest@[XXX.XXX.XXX.XXX]>
<<< 250 2.1.0 spamtest@[XXX.XXX.XXX.XXX]....Sender OK
>>> RCPT TO:<"securitytest@abuse.net">
<<< 250 2.1.5 "securitytest@abuse.net"@mailgateway.ourdomain.edu

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.

(Where XXX.XXX.XXX.XXX is the IP address of our gateway server and mailgateway.ourdomain.edu is the FQDN of the server running IIS and Puremessage.

How do I configure the server to pass this test? Does this test really matter when it passes the others? The mail is of a form that could not be delivered since the gateway only relays mail to our internal Exchange server (so far as I can see).
0
cblake031699
Asked:
cblake031699
  • 3
1 Solution
 
meverestCommented:
Hi,

that is not necessarily a relay fail result.  it is only a fail result IF the message is actually delivered to the intended relay destination.

i honestly do /not/ expect that IIS smtp service will deliver that mail.

cheers.
 
0
 
cblake031699Author Commented:
That's my feeling, too. But I want to be sure that spammers are not going to detect the server as an open relay and throw junk at it, and that the server will not fail tests from other ISPs and be blacklisted. Perhaps I'm being paranoid!
0
 
meverestCommented:
Hi,

that is a reasonable concern, but not something you can effectively prevent.  this is why IIS smtp server is not really a good solution for an inbound mail gateway.

even a server that rejects mail just based on the smtp envelope is not immune to idiot spammers throwing junk at it, especially because most spam these days is generated via zombie-botnet sources.  And since that uses someone else's cpu and bandwidth, thus no spamking really cares to make the process more efficient.

Cheers.
0
 
meverestCommented:
also, no spamtest should add you to a blacklist just for accepting mail - only if it is actually delivered.

Cheers.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now