
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 177
  • Last Modified:

Open Mail Relaying - security issue?

Running a security scan in our organization.
When it comes to our e-mail secure gateway (MX record server), an issue is reported by Nessus:
https://www.tenable.com/plugins/index.php?view=single&id=10262
The remote SMTP server appears to allow mail relaying. This means that an unauthenticated, remote user could possibly use the mail server to send messages to the world, thus wasting network bandwidth and computer resources. Such servers are targeted by spammers for sending unsolicited bulk email (UBE).

Is this not applicable because this is our e-mail secure gateway that receives e-mail from the internet to filter and pass on to our Exchange servers?

Or is an e-mail secure gateway not supposed to allow relay?

Just wondering if I need to tighten security at all.
0
Asked: garryshape
3 Solutions
 
giltjrCommented:
An open relay is an e-mail server that would allow me to send e-mail to anybody else in the world through it.  It is considered a serious security issue.

Open relay e-mail servers are used by spammers to hide themselves.

https://en.wikipedia.org/wiki/Open_mail_relay
0
 
garryshapeAuthor Commented:
So does it not need to be open in order to receive e-mail from the internet?

If user@gmail.com sends an e-mail to me at user@ourdomain.com, and relay is off of our appliance, how does the e-mail from gmail get to me at ourdomain.com?

I ran the http://mxtoolbox.com/diagnostic.aspx test against multiple mail servers online and it appears to accept the message.

SMTP (TCP Port 25) - The SMTP service receives email from email clients and other MTAs. Note that restricting the SMTP service will impact the ability of the appliance to filter email.
0
 
giltjrCommented:
No, you should have it configured to receive e-mail for your domain and your domain only.
0
 
garryshapeAuthor Commented:
So my company shouldn't receive e-mail from anyone outside of our company?
We're going to lose a lot of business :(
0
 
giltjrCommented:
No it should receive e-mail TO your company.  The FROM e-mail address can be anything.

In other words you should NOT receive e-mail going TO somebody@gmail.com.
0
 
garryshapeAuthor Commented:
Yes that is established and configured accordingly on the e-mail firewall.
My question is whether this is a false positive report of open relay.
Basically, should "telnet ourdomain.com 25" connect successfully in order for e-mail to function properly?

Sender Policy Framework (SPF) works in verifying whether the sender domain is from that domain.
MTA log reports the tests as blocked when e-mail sent via telnet from the internet.
0
 
giltjrCommented:
Yes, that should work.  What you need to test is doing the following:

telnet ourdomain.com 25
HELO somedomain.com
MAIL FROM:<youraddress@gmail.com>
RCPT TO:<youraddress@gmail.com>
DATA
From: youraddress@gmail.com
To: youraddress@gmail.com
Subject: Test Open Relay

Testing for open relay

.
QUIT


After you type "Testing for open relay" you need to press enter twice then enter a period.
0
 
giltjrCommented:
Oh, you need to include the "<" and ">" on the MAIL FROM and RCPT TO commands.
0
 
giltjrCommented:
Oh one other thing, I am assuming that "ourdomain.com" resolves to the IP address of your SMTP gateway that we are talking about.
0
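The relay test giltjr walks through above, scripted so it can be repeated and read by response code rather than by eye. This is an added example, not code from the thread or from any gateway vendor. It uses Python's standard smtplib for the client side; the mock gateway, the hostnames and the addresses are constructed placeholders so the script runs offline. The decisive line is the reply to RCPT TO for an outside recipient: 2xx means the gateway will relay for anyone, 5xx means it only accepts mail addressed TO its own domain, and a plain successful connection on port 25 proves nothing either way.

```python
"""Open-relay check: HELO, MAIL FROM an outside address, RCPT TO an outside
address, then read the code returned for RCPT TO.  QUIT is sent before DATA,
so no message is ever injected into the remote queue.

The mock gateway below is a constructed stand-in so this runs offline.
Against a real gateway, call rcpt_accepted(gateway_host, 25, ...).
"""
import smtplib
import socketserver
import threading


def rcpt_accepted(host, port, mail_from, rcpt_to, helo="scanner.example", timeout=10):
    """Return (accepted, code, message) for the RCPT TO reply.

    'accepted' is True for any 2xx reply.  The smtplib context manager
    sends QUIT on exit, so the session never reaches DATA.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo(helo)
        code, msg = smtp.mail(mail_from)
        if code != 250:
            return False, code, msg.decode(errors="replace")
        code, msg = smtp.rcpt(rcpt_to)
    return 200 <= code < 300, code, msg.decode(errors="replace")


def is_open_relay(host, port, outside_from="tester@gmail.com", outside_to="tester@gmail.com"):
    """True if the gateway accepts a recipient in a domain it is not responsible for."""
    return rcpt_accepted(host, port, outside_from, outside_to)[0]


class MockSMTPHandler(socketserver.StreamRequestHandler):
    """Minimal SMTP responder (constructed for this example, not a real MTA).
    RCPT TO is accepted only for domains in server.local_domains; an empty
    set means 'accept anything', i.e. an open relay."""

    def reply(self, line):
        self.wfile.write((line + "\r\n").encode("ascii"))

    def handle(self):
        self.reply("220 mock.gateway ESMTP")
        while True:
            raw = self.rfile.readline()
            if not raw:
                return  # client went away
            line = raw.decode("ascii", errors="replace").strip()
            verb = line.split(":", 1)[0].split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                self.reply("250 mock.gateway")
            elif verb == "MAIL":
                self.reply("250 2.1.0 Sender ok")
            elif verb == "RCPT":
                addr = line.split(":", 1)[1].strip().strip("<>")
                domain = addr.rpartition("@")[2].lower()
                if not self.server.local_domains or domain in self.server.local_domains:
                    self.reply("250 2.1.5 Recipient ok")
                else:
                    self.reply("554 5.7.1 Relay access denied")
            elif verb == "QUIT":
                self.reply("221 2.0.0 Bye")
                return
            else:
                self.reply("502 5.5.2 Command not implemented")


class MockSMTPServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, local_domains):
        super().__init__(("127.0.0.1", 0), MockSMTPHandler)
        self.local_domains = {d.lower() for d in local_domains}


def start_mock(local_domains):
    """Start a mock gateway on an ephemeral loopback port; returns (server, port)."""
    server = MockSMTPServer(local_domains)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def demo():
    """Run the checks against a filtering gateway and against an open relay."""
    results = {}
    for name, domains in (("filtering gateway", {"ourdomain.com"}), ("open relay", set())):
        server, port = start_mock(domains)
        try:
            results[name] = {
                # inbound mail TO our own domain must be accepted in both cases
                "inbound": rcpt_accepted("127.0.0.1", port, "tester@gmail.com", "user@ourdomain.com"),
                # mail TO an outside recipient must be refused by a sane gateway
                "relay": rcpt_accepted("127.0.0.1", port, "tester@gmail.com", "tester@gmail.com"),
                "open_relay": is_open_relay("127.0.0.1", port),
            }
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name}: open relay = {r['open_relay']}")
        for kind in ("inbound", "relay"):
            accepted, code, msg = r[kind]
            print(f"  {kind:8s} RCPT TO -> {code} {msg} (accepted={accepted})")
```

Run it from a host outside your own network, as giltjr's test also assumes, and keep the MAIL FROM and RCPT TO addresses in domains the gateway is not responsible for; a gateway that answers 250 to both is the open relay Nessus is warning about, while one that answers 250 to the inbound check and 5xx to the relay check is doing exactly what a filtering MX host should.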
 
jessbruffettCommented:
One thing to add for @garryshape, in case you aren't already: make sure you're scanning your business resources from OUTSIDE your business network.  Even targeting the WAN IP from inside the LAN can bypass the firewall settings and give false positives.
0
 
garryshapeAuthor Commented:
Yes, that was setup in DNS by someone else, and I confirmed.

I was just a bit confused about why the Nessus scan was showing it as an open relay, and pointing out that a successful telnet session meant it was vulnerable.

Thanks for the advice and info
0
 
garryshapeAuthor Commented:
Yeah it is being scanned outside. But it shows the same result whether I scan other people's mx record server hosts/IPs as well. Try your own domain mail gateway
0
 
giltjrCommented:
Being able to connect to a SMTP server on port 25 is normal, that is the port SMTP uses.

Being an open relay is something totally different.  Not sure what tool you are using to scan other SMTP servers, but (again) connecting to port 25 is normal for a SMTP server.  If you could not connect, then you would not be able to receive e-mail.
0
