It is so important that to make sure your mail server is not open relayed.? Otherwise, after a while your mail server is opening your mail server's IP address will be registed on at least one of the blacklist and you will start getting email problems.? In order to prevent this happening, testing on a regular basis is quite important to a system administrator.? Here is a simply procedure to test if the relay on your mail server is opened.
- In Dos-prompt window, type telnet domain-name.com 25 to open a SMTP session.
- helo
250 Hello domain-name.com
- mail from: kent@kjctech.net
250 OK
- rcpt to: chen@kjctech.net
250 OK
- rcpt to: gates@microsoft.com
550 Relaying Prohibited.
A 550 response code stats that relaying is prohibited, you are safe. If it doesn't, your server is an open relay, close it right away.
To test an authenticated relay, after you get 550 response code, type auth login to provide the username and password, and after you successfully authenticate, type the command listed on step 5 again.? This time, you should see a 250 response stating that relaying with authentication is permitted.? Please notice that on some Active Directory based windows environment, type domain\username as the username.
As you develop your testing scenarios to guard against SMTP relays, make sure you document them, then intergrate them as a standard operating procedure to be performed periodically. In most environments, multiple people can make changes, which increases the risk that the system could be mis-configured. Test often to ensure that the system's relay security hasn't been compromised.