How do I verify that my server is not acting as an open relay?

Everyone can send mail from the server without authorization. I think that relaying is opened on my server. How can I stop it?

Diagnostics

To check if your server is really acting as an open relay try to connect to it from anotherserver and send a message to an external email address:

[root@<another server> ~] # telnet <YOUR_SERVER_IP> 25
Trying <YOUR_SERVER_IP>...
Connected to <YOUR_SERVER_IP>.
Escape character is '^]'.
220 hostname ESMTP Postfix
mail from: test@domain.tld
250 2.1.0 Ok
rcpt to: test@domain2.tld
554 5.7.1 <test@domain2.tld>: Relay access denied

If you see an output similar to the one shown above, your server is not an open relay.
Otherwise, if you see a reply like "250 2.1.5 Ok", then your server is indeed acting as an open relay and you need to proceed to theresolution part below.
Note: When sending messages to an email address hosted on the same server authorization is usually not required, and such behavior is not considered as an open relay. The same applies to sending messages locally from the server.

Resolution

If you find that your server is acting as an open relay, please check the following:

1. Go to PP control panel and check the relaying setting in the server-wide mail preferences:
For PP 10: Go to Tools & Settings -> Mail Server Settings
For PP 9:
Go to Server -> Mail Server Settings
For PP 8:
Go to Server -> Mail
It should be set to "authorization is required."

2. On the same page check the white list and make sure that there are no unwanted IPs/networks. By default, the list should contain only "127.0.0.1 / 8" or "127.0.0.1 / 32." This record means that authorization is required for all IPs except for one: IP 127.0.0.1. That allows mail to be sent via Webmail.

3. Check if this article can fix your issue:
6114 [Info] Parallels Plesk Panel is overloaded with spam messages because it works as open relay

4. Check that the SMTP is served by Qmail (or Postfix starting from PP v. 9), but not by another software (see this article: 1837).

5. If the server has been acting as an open relay for a long time, it is probably flooded with SPAM. Check how many messages there are in the queue using "$QMAIL_ROOT_D/bin/qmail-qstat." If the queue contains too many messages, see this article: 766.

 

http://kb.parallels.com/article_22_1394_en.html

Leave a comment