How to verify that the server is not acting as an open relay?

Created:

2016-11-16 12:40:03 UTC

Modified:

2017-08-08 13:23:34 UTC

1

Was this article helpful?


Have more questions?

Submit a request

How to verify that the server is not acting as an open relay?

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Windows
  • Plesk 11.5 for Linux
  • Plesk 12.0 for Windows
  • Plesk 12.0 for Linux

Symptoms

Everyone can send mail from the server without authorization. How to stop it?

Diagnostics

To check if the server is really acting as an open relay try to connect to it from another server and send a message to an external email address:

# telnet <YOUR_SERVER_IP> 25
Trying <YOUR_SERVER_IP>...
Connected to <YOUR_SERVER_IP>.
Escape character is '^]'.
220 hostname ESMTP Postfix
mail from: john.doe@example.com
250 2.1.0 Ok
rcpt to: john.doe@example2.com
554 5.7.1 <john.doe@example2.com>: Relay access denied

If you see an output similar to the one shown above, your server is not an open relay. Otherwise, if you see a reply like 250 2.1.5 Ok , then the server, indeed, is acting as an open relay and you need to proceed to the resolution part below.

Note: When sending messages to an email address hosted on the same server authorization is usually not required, and such behavior is not considered as an open relay. The same applies to sending messages locally from the server.

Resolution

If you find that your server is acting as an open relay, please check the following:

  1. Go to Tools & Settings -> Mail Server Settings and check the relaying setting in the server-wide mail preferences:

    It should be set authorization is required .

  2. On the same page check the white list and make sure that there are no unwanted IPs/networks. By default, the list should contain only 127.0.0.1/8 or 127.0.0.1/32 or ::1 / 128 . This record means that authorization is required for all IPs except 127.0.0.1 and ::1 / 128 . That allows mail to be sent via Webmail.
Have more questions? Submit a request
Please sign in to leave a comment.