Is your mail server an (open) relay?

Here is how you can test it:
Test 1
From another server, log onto your mail server using its outside IP address (or name):
# telnet outside-IP 25
Trying outside-IP...
Connected to mail-2012.my.domain (outside-IP).
Escape character is '^]'.
ehlo localhost
250-mail-2012 Hello [another-outside-IP], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
mail from: bojnik@my.domain
250 2.1.0 bojnik@my.domain... Sender ok
rcpt to: my.account@verat.net
550 5.7.1 my.account@verat.net... Relaying denied. IP name lookup failed [another-outside-IP]
This "Relaying denied" (550 5.7.1) is super! The server refused to accept mail from an outside address for delivery to an outside domain, which is exactly what a closed relay should do.
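The same exchange, scripted so you can repeat it against your own server after every configuration change. This is an added example and not part of the original post: the hypothetical relay_probe() does what the telnet session above does (EHLO, MAIL FROM with an outside sender, RCPT TO with an outside recipient) and reads the reply code to the RCPT command; a constructed in-process fake server (FakeSMTPServer, modelled on the sendmail responses above) lets it run offline, and the host, port and addresses are assumptions you replace with your own.

```python
import smtplib
import socketserver
import threading

# Constructed fake SMTP server that replays the sendmail-style responses from the
# transcript above. It exists only so the probe can run offline; point relay_probe()
# at your real server's outside IP and port 25 for the actual check.
class FakeSMTPHandler(socketserver.StreamRequestHandler):
    def send(self, text):
        self.wfile.write((text + "\r\n").encode())

    def handle(self):
        self.send("220 mail-2012.my.domain ESMTP ready")
        while True:
            line = self.rfile.readline()
            if not line:
                return
            verb = line.decode(errors="replace").strip().upper()
            if verb.startswith(("EHLO", "HELO")):
                self.send("250-mail-2012 Hello [127.0.0.1], pleased to meet you")
                self.send("250 HELP")
            elif verb.startswith("MAIL FROM"):
                self.send("250 2.1.0 Sender ok")
            elif verb.startswith("RCPT TO"):
                if self.server.open_relay:  # what a misconfigured server would answer
                    self.send("250 2.1.5 Recipient ok")
                else:                       # the answer you want to see
                    self.send("550 5.7.1 Relaying denied. IP name lookup failed [127.0.0.1]")
            elif verb.startswith("QUIT"):
                self.send("221 2.0.0 closing connection")
                return
            else:
                self.send("500 5.5.1 Command unrecognized")


class FakeSMTPServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, open_relay):
        super().__init__(("127.0.0.1", 0), FakeSMTPHandler)  # port 0 = pick a free port
        self.open_relay = open_relay


def start_fake_server(open_relay):
    srv = FakeSMTPServer(open_relay)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def classify_rcpt(code):
    """Map the reply code to the RCPT TO command onto a verdict."""
    if code == 250:
        return "OPEN RELAY"          # server accepted an outside->outside recipient
    if code in (550, 551, 553, 554):
        return "relay denied"        # e.g. sendmail's "550 5.7.1 Relaying denied"
    return "inconclusive"            # temporary failure, greylisting, etc.


def relay_probe(host, port, sender, recipient, timeout=10):
    """Run the EHLO / MAIL FROM / RCPT TO exchange and return (verdict, code, text).

    sender and recipient should both be outside the server's own domains, as in
    the telnet session above; otherwise a 250 is legitimate, not a relay.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo("localhost")
        code, text = s.mail(sender)
        if code != 250:
            return ("sender rejected", code, text.decode(errors="replace"))
        code, text = s.rcpt(recipient)
    return (classify_rcpt(code), code, text.decode(errors="replace"))


if __name__ == "__main__":
    # Demo against the constructed fake server; replace with your outside IP and port 25.
    srv = start_fake_server(open_relay=False)
    print(relay_probe("127.0.0.1", srv.server_address[1],
                      "bojnik@my.domain", "my.account@verat.net"))
    srv.shutdown()
    srv.server_close()
```

The probe never sends DATA, so even against an open relay no message is actually queued; the RCPT reply alone tells you the answer.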
Test 2
Sites which you can use to check whether your server is an open relay:
http://www.rbl.jp/svcheck.php
http://www.antispam-ufrj.pads.ufrj.br/test-relay.html
http://www.mob.net/~ted/tools/relaytester.php3
Test 3
It would be good to run the following command if you suspect some nasty things on your mail server. It shows how many times each account has authenticated, so you can see if some user account is logging in like crazy (and has probably been compromised):
# grep "authid" /var/log/maillog | cut -d "," -f 3 | sort | uniq -c
61 authid=user1
28 authid=user2
88 authid=user3
23 authid=user4
.....
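The same check done in a script that also records which relay addresses each account authenticated from, since a compromised account typically shows up as a burst of logins from many different hosts. This is an added example, not the author's command or any real log data: the log lines are constructed in the sendmail AUTH=server format (relay=..., authid=..., mech=...), and the thresholds in the hypothetical suspicious_accounts() are assumptions to tune for your own traffic.

```python
import re
from collections import Counter, defaultdict


def _line(authid, relay, n):
    """Build one constructed sendmail-style AUTH=server log line (sample data only)."""
    return (f"Mar  3 10:{n % 60:02d}:{(n * 7) % 60:02d} mail-2012 sm-mta[{4000 + n}]: "
            f"s23A{n:04X}: AUTH=server, relay={relay}, authid={authid}, mech=LOGIN, bits=0")


# Constructed sample maillog: two normal users plus one account authenticating
# 60 times from eight different addresses, and one unrelated non-AUTH line.
SAMPLE_MAILLOG = "\n".join(
    [_line("user1", "[192.0.2.10]", n) for n in range(5)]
    + [_line("user2", "[192.0.2.11]", n) for n in range(3)]
    + [_line("user3", f"[198.51.100.{n % 8}]", n) for n in range(60)]
    + ["Mar  3 10:30:00 mail-2012 sm-mta[4999]: s23A9999: from=<bojnik@my.domain>, "
       "size=512, class=0, nrcpts=1, proto=ESMTP, relay=[203.0.113.5]"]
)

# Matches the relay and authid fields of a sendmail AUTH=server line.
AUTH_RE = re.compile(r"AUTH=server, relay=(?P<relay>[^,]+), authid=(?P<authid>[^,\s]+)")


def summarize_auth(log_text):
    """Return (login count per authid, set of relay addresses per authid)."""
    counts = Counter()
    relays = defaultdict(set)
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an authentication line (delivery, bounce, ...)
        counts[m["authid"]] += 1
        relays[m["authid"]].add(m["relay"].strip())
    return counts, relays


def suspicious_accounts(log_text, max_logins=50, max_relays=5):
    """Accounts that authenticated more than max_logins times or from more than
    max_relays distinct addresses in the given log (thresholds are assumptions)."""
    counts, relays = summarize_auth(log_text)
    return sorted(a for a in counts
                  if counts[a] > max_logins or len(relays[a]) > max_relays)


if __name__ == "__main__":
    # Same shape of output as the grep | cut | sort | uniq -c pipeline, plus relay counts.
    counts, relays = summarize_auth(SAMPLE_MAILLOG)
    for authid in sorted(counts):
        print(f"{counts[authid]:>6} authid={authid}  ({len(relays[authid])} relay addresses)")
    print("suspicious:", suspicious_accounts(SAMPLE_MAILLOG))
```

To run it on a real server, replace SAMPLE_MAILLOG with the contents of /var/log/maillog; the regex only needs the AUTH=server lines, so the rest of the log is ignored.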
