Rounded Top
Password Hint If you have not signed in recently, your password may be your Customer ID. Check your email archives for your Customer ID or reset your password.

Using ORF to Pass MAPS Open Relay Test

Archived Content

This article was written a long time ago and it is no longer being maintained. The contents may not be relevant and links may not work. Thank you for your understanding.

Open relay servers

Badly configured email servers will forward emails not only to their organisation but to anyone—this behaviour is called "open relay". Spammers tend to use these servers to hide their origin to make their identication harder. There are a number of sites that check your server for open relays.

You can access a test at http://www.abuse.net/relay.html. There is a MS KB article about testing your server with Telnet: http://support.microsoft.com/?kbid=324958

Some of the tests include "tricky" smtp addresses like relaytest%abuse.net@domain.com to make the server relay the email. Exchange will not deliver these mails but seem to accept them thus some of the automated test engines might list the site as "open relay". I have to note that this behaviour is in compliance with the RFCs.

Securing Exchange

ORF can be used to prevent accepting mails addressed to these addresses. Using the regular expression support introduced in version 1.2, you are able to block addresses like these (abuse.net uses these in the RCPT TO: smtp command to send email to):

  • relaytest%abuse.net@domain.com
  • relaytest%abuse.net@[dotted.ip.adress]
  • "relaytest@abuse.net"
  • "relaytest%abuse.net"
  • relaytest@abuse.net@domain.com
  • "relaytest@abuse.net"@domain.com
  • relaytest@abuse.net@[dotted.ip.adress]
  • @domain.com:relaytest@abuse.net
  • @[dotted.ip.adress]:relaytest@abuse.net
  • abuse.net!relaytest
  • abuse.net!relaytest@domain.com
  • abuse.net!relaytest@[dotted.ip.adress]

Add the following regular expressions to the Recipient Blacklist of ORF:

This expression... ...rejects addresses...
(.*@)+.*@.* ...with two "@" characters
.*[\!%].* ...with an exclamation - "!" - character
.*[\%%].* ...with an percent - "%" - character
^".*"$ ...enclosed in quotes

Summary

Exchange 2000 does not allow relaying messages by default and it is RFC compliant. It does seem to accept messages for relaying, however. ORF can be used to change this behaviour and to refuse accepting these messages. After applying these modifications Exchange is able to pass the MAPS open relay test and, in all likelyhood, defeat actual attempts by spammers as well.

Thanks for Matthew J. Allison (Senior IT Architext, Experian) for the original idea.