Is your email server an open relay?

When talking about email servers the term “open relay” means a mail server that allows anyone to send email through it to any destination.  An email server may become an open relay through accidental misconfiguration by the server administrator, or from malicious action by an attacker.

Open relay email servers

How do open relays cause spam?

Open relays are like gold to spammers.  When a spammer knows about an open relay they will use it to send thousands or even millions of spam emails to recipients via the open relay server.  The benefit to the spammer is twofold – they can mask their own location by relaying through another source; and they can leverage the positive reputation of the email server they are relaying through (at least until that reputation is ruined).

What damage can an open relay do to your business?

There are many ways in which an open relay email server can harm your business –

Loss of reputation – if your email server becomes known as a source of spam, particularly if the spammer sends messages that appear to come from your email domain, your business reputation can be tarnished.

Blocked by other email administrators – an email server administrator who sees a large volume of spam emails originating from your email server may add your IP address to their block list.  Some products such as Exchange Server 2007 will automatically block your IP address for a period such as 24 hours if it fails an open relay test.

Blocked by block list providers – an even worse scenario than an individual email server admin blocking your IP address is that your IP address may be added to a block list provider database such as SpamHaus.  Many anti-spam systems are configured to use such block list providers to reduce the administrative burden of managing block lists.  If your IP address is added to one of these databases you may suddenly find all of your customers and business partners unable to receive email from you.  Furthermore, it can take a lot of time and effort to get your IP address removed from these databases.

How is an open relay email server created?

Most email server products are not open relays by default.  There are three common scenarios in which an email server might become an open relay.

Accidental – an email server administrator might accidentally cause a server to become an open relay when they are reconfiguring the server.  For example, the admin might be trying to configure the email server to allow the office scanner to send scanned documents to email addresses.

Deliberate – an attacker who is able to access the email server might deliberately configure it as an open relay and then sell that information to spammers.  The attacker could even be a disgruntled former employee who knows how to access the system, such as this former IT manager.

Malicious software – many trojans and other malware contain code which installs email software on the computer.  If one of these programs is run on a server it may become an open relay.  This is not limited to just email servers.  Web servers and remote access servers that already have access through the corporate firewall are also at risk.

How to test for open relays

The simplest test to perform on your email servers (or any other server that is accessible from the internet) is to run the mail relay test at SpamHelp.org.  This test runs through a series of different relay attempts against your server to cover all of the possible ways in which a spammer might try to relay spam through your servers.
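The core of such a relay test, as an added example that is not part of the original post and not the SpamHelp.org tool itself: the probe offers an outside sender and an outside recipient in the SMTP envelope, records whether RCPT TO is accepted, and resets the session before DATA so no message is ever handed to the server. `serve_mock_smtp` is a constructed stand-in for a mail server (owning the made-up domain mock.example) so the check can be run offline; point `relay_accepted` at your own server's host and port for a real test.

```python
import queue
import smtplib
import socket
import threading

def relay_accepted(host, port, sender="probe@example.org", rcpt="probe@example.net"):
    """True if the server accepts envelope sender -> rcpt; with both addresses outside
    its own domains that means an open relay. RSET before DATA, so nothing is sent."""
    with smtplib.SMTP(host, port, local_hostname="probe.example.org", timeout=10) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(sender)
        if code != 250:
            return False
        code, _ = smtp.rcpt(rcpt)     # 250 = accepted, 5xx = relay refused
        smtp.rset()                   # discard the envelope; no message is sent
        return code == 250

def serve_mock_smtp(relay_allowed, ready):
    """Constructed stand-in for a mail server (assumption, not a real MTA): it owns
    mock.example and relays for outside recipients only if relay_allowed is True."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    ready.put(srv.getsockname()[1])   # hand the chosen port to the caller
    conn, _ = srv.accept()
    conn.sendall(b"220 mock.example ESMTP\r\n")
    for raw in conn.makefile("rb"):
        line = raw.decode("ascii", "replace").strip()
        verb = line.split(" ", 1)[0].upper()
        if verb == "RCPT":
            local = line.lower().endswith("@mock.example>")
            conn.sendall(b"250 OK\r\n" if local or relay_allowed
                         else b"554 5.7.1 Relay access denied\r\n")
        elif verb == "QUIT":
            conn.sendall(b"221 Bye\r\n")
            break
        else:                         # EHLO/HELO/MAIL/RSET are all accepted
            conn.sendall(b"250 mock.example\r\n")
    conn.close()
    srv.close()

def probe_mock(relay_allowed, rcpt="probe@example.net"):
    """Start one mock server in a thread and probe it (offline demonstration)."""
    ready = queue.Queue()
    t = threading.Thread(target=serve_mock_smtp, args=(relay_allowed, ready), daemon=True)
    t.start()
    result = relay_accepted("127.0.0.1", ready.get(timeout=5), rcpt=rcpt)
    t.join(timeout=5)
    return result
```

A correctly configured server still accepts mail for its own domain (`probe_mock(False, rcpt="postmaster@mock.example")` is True); only acceptance of an outside recipient from an outside sender indicates an open relay.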

How to reduce the damage an open relay causes

An open relay is only useful to a spammer if it can send emails out to the internet through the firewall and without any content filtering being applied.  To prevent non-email servers from causing damage as open relays, always configure your corporate firewall to only allow outbound SMTP traffic from specific email servers.

Email server products such as Exchange Server 2007 include content filtering features, but these do not apply to outbound email.  To reduce the impact of an Exchange server that has become an open relay, always ensure that the Exchange server sends outbound email via a secured, trusted server running a dedicated email security solution that includes outbound filtering.

Written by Paul Cunningham

Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.

Comments

  1. Denis Wilkinson · August 9, 2010

    Recently my E/M address book was invaded at a period when my internet connection was disconnected and for a few days everybody started to receive rather dubious E/Ms purporting to have come from me.
    This went on until I was reconnected and was able to change my password.
    How could this happen? I am with AOL and my phone line is with BT. I was in dispute with BT and had upset a man working there. Could he have been responsible?
    Thank you
    Denis

  2. Damien Rame · November 4, 2010

    You can also run a complete security test on http://www.EmailSecurityGrader.com – it has an extensive Open Relay test (including % hacks) and also includes several other email security tests (SPF, DNSBL/Spam Blacklist) which nowadays are at least as important as Open Relay.
