Open Relay

Open Relay

Postby skeating » Tue Jan 03, 2017 12:37 pm

I have been put on a block list, with the explanation that my server may be an open relay. What do I need to check to make sure this is not so? Please be specific as to the areas I need to modify.

Thanks
Stephen Keating
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Open Relay

Postby Code Crafters » Tue Jan 03, 2017 7:01 pm

You need to make sure that you have SMTP authentication enabled and that no "relaying safe IPs" or "POP before SMTP" could allow unauthorised users to relay via your mail server. If you send your mail server primary domain to info@codecrafters.com we'll run tests to verify if you really are an open relay.
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm

Re: Open Relay

Postby skeating » Tue Jan 03, 2017 8:19 pm

Where would I find the relaying safe IPs or the POP before SMTP on the admin page?
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Open Relay

Postby skeating » Tue Jan 03, 2017 11:28 pm

Not sure if this will help any, but here are the Headers from the messages that got us put on the block list:

X-LB-ID: 6726cfee-a96b-4ff7-a0eb-20ebbfd04be2
X-LB-DT: [1482506050]-[1482477236]
X-LB-SPF: [alexandrialighting.com]-[<(EMAIL REMOVED)>]-[SoftFail]
X-LB-MX: 8-1482506050-[PMX1.70]
X-LB-S: [amerinex.net]-[216.177.49.31]-[mail61.amerinex.info]
X-LB-RT: <(EMAIL REMOVED)>;
X-LB-MF: <(EMAIL REMOVED)>
Received: from [127.0.0.1] ([103.212.90.9]) by amerinex.net
with SMTP (Code-Crafters Ability Mail Server 2.53);
Fri, 23 Dec 2016 10:13:41 -0500
To: (EMAIL REMOVED)
From: "Match One" <(EMAIL REMOVED)>
Message-ID: <(EMAIL REMOVED)>
Date: Fri, 23 Dec 2016 07:13:56 -0800
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101
Thunderbird/38.0.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8


X-LB-ID: b4eb49c3-38d5-486a-8204-4306a96369a7
X-LB-DT: [1483434157]-[1483405338]
X-LB-SPF: [alexandrialighting.com]-[<(EMAIL REMOVED)>]-[SoftFail]
X-LB-MX: 8-1483434157-[PMX1.70]
X-LB-S: [amerinex.net]-[216.177.49.31]-[]
X-LB-RT: <(EMAIL REMOVED)>;
X-LB-MF: <(EMAIL REMOVED)>
Received: from [127.0.0.1] ([138.122.141.169]) by amerinex.net
with SMTP (Code-Crafters Ability Mail Server 2.53);
Tue, 03 Jan 2017 04:02:13 -0500
Date: Tue, 3 Jan 2017 01:02:18 -0800
Subject: You're matched
Message-ID: <(EMAIL REMOVED)>
From: "Match One" <(EMAIL REMOVED)>
To: (EMAIL REMOVED)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8


I take it the received from IP addresses 138.122.141.169, are the ones that are relaying.
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Open Relay

Postby Code Crafters » Wed Jan 04, 2017 10:03 am

Good news is you're not an open relay. Once we found the MX record for your server we used telnet to test with the following:

220 yourdomain.com ESMTP (Code-Crafters Ability Mail Server 2.53)
helo mail.codecrafters.com
250 yourdomain.com
mail from: <>
250 Email address accepted. <>
rcpt to: info@codecrafters.com
550 Account is not local, relaying disallowed. <info@codecrafters.com>

The "550 Account is not local, relaying disallowed." shows that SMTP authentication is preventing unauthorised relaying.

As for the block list you're on you'd have to contact them and ask to be removed. They might be able to give you more information why your IP was blocked. X-Headers should be totally fine though. It's possibly the content or quantity of emails sent got your IP blocked. You can limit the Max Mails Per Day per IP in SMTP settings and per user in the group settings to prevent any of your users bulk sending.

We noticed you’re running 2.53. We would recommend upgrading ideally to version 4 (new license required via http://www.codecrafters.com/AbilityMailServer/BuyNow) or at least to 2.72 which is a free upgrade.
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm

Re: Open Relay

Postby skeating » Wed Jan 04, 2017 12:16 pm

Is there a counter that shows how much email goes out? I don't wish to under estimate the amount and slow things down.
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Open Relay

Postby Code Crafters » Wed Jan 04, 2017 3:39 pm

There are no counters per user. Just the built in logging and you can make custom logs with content filtering. I should think 20 emails a day is reasonable but 50 should be enough. It depends on your users but you just want to try and limit anyone sending hundreds or even thousands of emails per day. You can also limit the amount in KB sent per day too.
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm

Re: Open Relay

Postby skeating » Wed Jan 04, 2017 7:26 pm

Thanks for the information.
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Open Relay

Postby skeating » Thu Jan 05, 2017 2:47 pm

One more question. I have put an spf into the dns server listing for the this mail server. Is there a way to test this to make sure the spf is the correct one?

Thanks
skeating
 
Posts: 60
Joined: Tue Dec 15, 2015 10:00 pm

Re: Open Relay

Postby EKjellquist » Fri Feb 24, 2017 8:43 pm

Some other tools you can use (if you haven't already):

Mail Radar OpenRelay check - makes sure you aren't vulnerable to many common relay issues (http://www.mailradar.com/openrelay/)
Check TLS - if you're using SSL/TLS and certificates (http://checktls.com/)
MX Toolbox - great for blacklist and other informational checks (I use this a lot when analyzing AMS logs to whitelist domains/IPs if they get blocked by any of its antispam filters (https://mxtoolbox.com/)
Kitterman SPF tools - good tool for trying out Sender Policy Framework changes to make sure they work (http://www.kitterman.com/spf/validate.html)
EKjellquist
 
Posts: 89
Joined: Tue Sep 09, 2014 10:40 pm

Re: Open Relay

Postby Code Crafters » Mon Feb 27, 2017 10:35 am

If you email us the domain to info@codecrafters.com we'll check the SPF record looks ok.

We may also add a Test SPF button to the Tools page of the settings which would look up the SPF record and check what the SPF result would be within Ability Mail Server for that domain as this could be useful. We'll add this to our feature suggestion list.
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm


Return to General

Who is online

Users browsing this forum: No registered users and 3 guests

cron