Archived Content
This article was written a long time ago and it is no longer being maintained. The contents may not be relevant and links may not work. Thank you for your understanding.
Open relay servers
Badly configured email servers will forward email not only to their own organisation but to anyone; this behaviour is called "open relay". Spammers tend to use these servers to hide their origin and make their identification harder. There are a number of sites that check your server for open relays.
You can access a test at http://www.abuse.net/relay.html. There is an MS KB article about testing your server with Telnet: http://support.microsoft.com/?kbid=324958
Some of the tests include "tricky" SMTP addresses like relaytest%[email protected] to make the server relay the email. Exchange will not deliver these mails but seems to accept them, so some of the automated test engines might list the site as an "open relay". I have to note that this behaviour is in compliance with the RFCs.
Securing Exchange
ORF can be used to prevent Exchange from accepting mail addressed to these addresses. Using the regular expression support introduced in version 1.2, you are able to block addresses like these (abuse.net uses them as recipients in the RCPT TO: SMTP command):
- relaytest%[email protected]
- relaytest%abuse.net@[dotted.ip.address]
- "[email protected]"
- "relaytest%abuse.net"
- [email protected]@domain.com
- "[email protected]"@domain.com
- [email protected]@[dotted.ip.address]
- @domain.com:[email protected]
- @[dotted.ip.address]:[email protected]
- abuse.net!relaytest
- [email protected]
- abuse.net!relaytest@[dotted.ip.address]
Add the following regular expressions to the Recipient Blacklist of ORF:
This expression... | ...rejects addresses... |
---|---|
(.*@)+.*@.* | ...with two "@" characters |
.*[\!%].* | ...with an exclamation mark ("!") |
.*[\%%].* | ...with a percent sign ("%") |
^".*"$ | ...enclosed in quotes |
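To check the blacklist before deploying it, the following added example (not part of the original article and not ORF code) runs the four expressions over constructed recipients shaped like the test addresses listed above. It assumes Python's `re` module behaves like ORF's regular expression engine for these patterns and that an expression must match the whole recipient; the names `matching_rules` and `is_rejected` and all `example.com` / `example.net` / `192.0.2.10` values are hypothetical.

```python
import re

# The four Recipient Blacklist expressions, copied from the table as written.
# Note: the class in the "bang" expression contains "%" as well as "!".
RULES = [
    ("double-at", r'(.*@)+.*@.*'),
    ("bang",      r'.*[\!%].*'),
    ("percent",   r'.*[\%%].*'),
    ("quoted",    r'^".*"$'),
]
COMPILED = [(label, re.compile(rx)) for label, rx in RULES]

# Constructed sample recipients (assumptions, not values from the article).
SAMPLES = [
    'relaytest%example.net@example.com',      # percent hack
    'relaytest%example.net@[192.0.2.10]',     # percent hack, address literal
    '"relaytest@example.net"',                # whole recipient quoted
    '"relaytest%example.net"',                # quoted percent hack
    'relaytest@example.net@example.com',      # two "@" characters
    '"relaytest@example.net"@example.com',    # quoted local part holding an "@"
    '@example.com:relaytest@example.net',     # source route
    'example.net!relaytest',                  # bang path
    'example.net!relaytest@[192.0.2.10]',     # bang path, address literal
    'user@example.com',                       # ordinary local recipient
    'dept!user@example.com',                  # unusual but valid local part
]

def matching_rules(recipient):
    """Return the label of every expression that matches the whole recipient."""
    return [label for label, rx in COMPILED if rx.fullmatch(recipient)]

def is_rejected(recipient):
    """A recipient is rejected as soon as one blacklist expression matches."""
    return bool(matching_rules(recipient))

if __name__ == "__main__":
    for rcpt in SAMPLES:
        hits = matching_rules(rcpt)
        verdict = "REJECT" if hits else "accept"
        print(f"{verdict:6}  {rcpt:38}  {', '.join(hits)}")
```

The last sample shows the cost of the filter: a syntactically valid local part that contains "!" or "%" is rejected too, so check your own recipient list against the expressions before enabling them.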
Summary
Exchange 2000 does not allow relaying messages by default and it is RFC compliant. It does seem to accept messages for relaying, however. ORF can be used to change this behaviour and to refuse to accept these messages. After applying these modifications Exchange is able to pass the MAPS open relay test and, in all likelihood, defeat actual attempts by spammers as well.
Thanks to Matthew J. Allison (Senior IT Architect, Experian) for the original idea.