Re: Open Relays

---

• From: "Kevin Longley" <kwlongley@xxxxxxxxxxxxxx>
• Date: Tue, 2 Jan 2007 16:23:36 -0500

---

This url may help

http://support.microsoft.com/kb/895853/en-us

"news.zen.co.uk" <test@xxxxxxxx> wrote in message
news:4599170a$0$32020$fa0fcedb@xxxxxxxxxxxxxxxxx

Hi All

Recently one of my clients has been blacklisted via
http://www.spamhaus.org/ and I am currently trying to ascertain the cause
of the problem.

I have ensured that all clients have the latest AV definitions and have
performed a full system scan on all machines including the Exchange server
and everything is "clean". I have also ran various spywhere detection
utilities and again everything is "clean".

My next step was to test for open relays. On the majority of the websites
which test for open relays the result was that the Exchange server was not
configured as an open relay (which I expected). However on several of the
sites it claimed that the machine was an open relay. Please find below
the result of the test (I have removed the real IP address)

Relay test 1

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 250 2.1.0 spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx OK

RCPT TO: <relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 550 5.7.1 Unable to relay for relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx
Relay test 2

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 250 2.1.0 spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx OK

RCPT TO: relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx

<<< 550 5.7.1 Unable to relay for relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx
Relay test 3

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <spamtest>

<<< 250 2.1.0 spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxx OK

RCPT TO: <relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 550 5.7.1 Unable to relay for relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx
Relay test 4

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <>

<<< 250 2.1.0 <>....Sender OK

RCPT TO: <relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 550 5.7.1 Unable to relay for relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx
Relay test 5

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 250 2.1.0 spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx OK

RCPT TO: <relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 550 5.7.1 Unable to relay for relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx
Relay test 6

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <spamtest@[xx.xxx.xx.xxx]>

<<< 250 2.1.0 spamtest@[xx.xxx.xx.xxx]....Sender OK

RCPT TO: <relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 550 5.7.1 Unable to relay for relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx
Relay test 7

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 250 2.1.0 spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx OK

RCPT TO:
<relaytest%antispam-ufrj.pads.ufrj.br@xxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 550 5.7.1 Unable to relay for
relaytest%antispam-ufrj.pads.ufrj.br@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Relay test 8

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 250 2.1.0 spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx OK

RCPT TO: <relaytest%antispam-ufrj.pads.ufrj.br@[80.177.41.226]>

<<< 550 5.7.1 Unable to relay for
relaytest%antispam-ufrj.pads.ufrj.br@[80.177.41.226]
Relay test 9

RSET

<<< 250 2.0.0 Resetting

MAIL FROM: <spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxx>

<<< 250 2.1.0 spamtest@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx OK

RCPT TO: <"relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx">

<<< 250 2.1.5 "relaytest@xxxxxxxxxxxxxxxxxxxxxxxxxx"@saturnvisuals.com



As you can see all of the tests failed except test 9. I would be grateful
if you could please confirm if this is normal or is the server acting as
an open relay.

TIA

Craig

.

---

• References:
  • Open Relays
    • From: news.zen.co.uk

• Prev by Date: Programmatically update Free/Busy Information via CDO or MAPI?
• Next by Date: Exchange Routing Engine will not start (sp2 update)
• Previous by thread: Re: Open Relays
• Next by thread: MX Records in DNS
• Index(es):
  • Date
  • Thread

---

Relevant Pages Open relay HELP!!! ... I've run the abuse.net open relay test. ... I'm including the SMTP headers from one of the ... SPAMMERS relaying off my server). ... My issue is that I can't duplicate the open relay and have Exchange ... (microsoft.public.exchange.admin) Open Relays ... Recently one of my clients has been blacklisted via http://www.spamhaus.org/ ... performed a full system scan on all machines including the Exchange server ... sites it claimed that the machine was an open relay. ... Relay test 1 ... (microsoft.public.exchange2000.admin) Re: sendmail to ISPs authenticated SMTP ... Maybe you're just receiving backscatter from someone else's ... It was the relay test at http://www.abuse.net/relay.html that told me ... I might be relaying. ... I am now reasonably confident that I am not running an open relay. ... (comp.mail.sendmail) Re: relay help ... Note that if you are using recipient filtering in Exchange 2003, ... >> messages does not make you an open relay. ... >>> Connecting to 123.123.123.123... ... (microsoft.public.exchange.admin) IMS Que ... originator as. ... I have run a relay test against my ... exchange server and it is secure, ... As far as I am concerned, all my workstation are ... (microsoft.public.exchange.admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)