SpamAssassin: A practical guide to integration and configuration

Open Relay Tests

There are a number of automated open relay tests available. Alternatively, we can perform the test manually.

Automated Open Relay Testers

There are several automated open relay testers. We need to use a telnet session to access and use their services. The best-known relay tester is relay-test.mail-abuse.org.

To use this service, we enter the following command at the command prompt of the mail server we are testing:

telnet relay-test.mail-abuse.org

An example session follows:

$ telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to cygnus.mail-abuse.org.
Escape character is '^]'.
Connecting to 999.888.777.666 ...
<<< 220 domain.com ESMTP My_MTA
>>> HELO cygnus.mail-abuse.org
<<< 250 domain.com
:Relay test: #Quote test
>>> mail from: <spamtest@mta.domain.com>
<<< 250 Ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 554 <nobody@mail-abuse.org>: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 1
>>> mail from: <nobody@mail-abuse.org>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Relay access denied
>>> rset
<<< 250 Ok
...
>>> QUIT
<<< 221 Bye
Tested host banner: 220 domain.com ESMTP My_MTA
System appeared to reject relay attempts
Connection closed by foreign host.

The test will continue for some time, attempting to exploit common configuration errors and known security problems with popular MTAs. A summary is issued once all the testing is complete. In this example, the mail server was not an open relay.

There are several other open relay testers; an Internet search for the term 'telnet open relay' will locate several of them.

Manual Open Relay Testing

This test must be performed on a machine unrelated to the network hosting the email server, otherwise the MTA may treat the connection as being from a trusted machine. A dial-up connection is ideal. The test involves typing commands as they would be entered by an MTA sending email from a remote host.

From a command prompt, type:

telnet mta.mycorp.com 25

where mta.mycorp.com is the hostname for the MTA being tested, and 25 represents the SMTP port. Ensure that the email addresses used in the MAIL FROM: and RCPT TO: lines are not served by the MTA being tested. An example session is shown here:

$ telnet mta.mycorp.com 25
Trying 42.42.42.42...
Connected to mta.mycorp.com.
Escape character is '^]'.
220 mta.mycorp.com ESMTP some_mta
MAIL FROM:user1@someplace.org
250 Ok
RCPT TO:user2@anotherorg.com
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: user1@someplace.org
To: user2@anotherorg.com
Subject: Whatever

This has been relayed through mycorp.com
.
250 Ok: queued as 7A7F18D888

If the response to the RCPT TO: entry is a line beginning with 250 Ok, the email has been accepted for delivery and the MTA is configured as an open relay. The following example shows a host where relaying is disabled:

$ telnet mta.mycorp.com 25
Trying 42.42.42.42...
Connected to mta.mycorp.com.
Escape character is '^]'.
220 mta.mycorp.com ESMTP some_mta
MAIL FROM:user1@someplace.org
250 Ok
RCPT TO:user2@anotherorg.com
554 <user2@anotherorg.com>: Relay access denied

The error message received indicates that the MTA has refused to relay the email from a non-trusted source.
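
The manual test above can be scripted so that an MTA we administer is rechecked after every configuration change. The following Python script is an added example, not code from the book: it applies the same criterion to the RCPT TO: reply, additionally treats 4xx replies as inconclusive (an assumption beyond the text), and never sends DATA. The names classify, probe, Replay and demo are hypothetical, and Replay is a constructed stand-in that replays the replies from the two sessions shown above.

```python
import smtplib
import sys

# Addresses from the page's session; neither may be served by the MTA under test.
SENDER, RECIPIENT = "user1@someplace.org", "user2@anotherorg.com"

def classify(code):
    """Verdict from the reply code to RCPT TO."""
    if 200 <= code < 300:
        return "open relay"      # recipient accepted for a foreign domain
    if 500 <= code < 600:
        return "relay denied"    # e.g. 554 Relay access denied
    return "inconclusive"        # 4xx: temporary failure, retest later (assumption)

def probe(smtp, sender=SENDER, recipient=RECIPIENT):
    """Send HELO, MAIL FROM and RCPT TO on a connected smtplib.SMTP-style
    object, then RSET. DATA is never sent, so no message is queued."""
    smtp.helo()
    code, msg = smtp.mail(sender)
    if code < 400:               # only ask about the recipient if the sender passed
        code, msg = smtp.rcpt(recipient)
        verdict = classify(code)
    else:
        verdict = "inconclusive"
    smtp.rset()
    return verdict, code, msg.decode(errors="replace")

class Replay:
    """Constructed stand-in that replays the replies shown on the page."""
    def __init__(self, rcpt_reply):
        self.rcpt_reply = rcpt_reply
    def helo(self): return 250, b"mta.mycorp.com"
    def mail(self, sender): return 250, b"Ok"
    def rcpt(self, recipient): return self.rcpt_reply
    def rset(self): return 250, b"Ok"

def demo():
    """Run the probe over the page's two sessions (constructed replay)."""
    denied = (554, b"<user2@anotherorg.com>: Relay access denied")
    return [probe(Replay(r))[0] for r in ((250, b"Ok"), denied)]

if __name__ == "__main__":
    if len(sys.argv) > 1:        # live check: run from outside the MTA's network
        with smtplib.SMTP(sys.argv[1], 25, timeout=30) as smtp:
            verdict, code, text = probe(smtp)
        print(f"{sys.argv[1]}: {verdict} ({code} {text})")
        sys.exit(1 if verdict == "open relay" else 0)
    print(demo())
```

Run with the MTA's hostname as the only argument from a machine outside the mail server's network; the exit status is 1 when the recipient is accepted, which makes the check usable from cron or a monitoring job.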