Checking for an open relay on Postfix


Open relays allow anyone to send email from your mail server. The mail server does not check that it is authorized to send mail from the mail address on the third-party email. What this means is that anyone can send email via your cloud server IP address from any mail address. This is one reason why your IP address ends up on blacklists. Also, your legitimate email is not being received by the people you are sending it to.

By default, the Postfix mail server application does not run as an open relay. However, this does not mean that you should be relaxed in your security checks. Testing for an open relay is easy to do. There are online services that can conduct checks for you, or you can try sending unauthorized mail through the server yourself. This article describes some of your options.

Browser-based checking

Many open relay testing applications are available on the Internet. Type open relay test in any browser to find out more information about open relays.

One service is located at http://mxtoolbox.com/diagnostic.aspx.

For this service, you enter your mail domain in the Mail Server field. If you receive an error like Invalid hostname, your server passed the test (in other words, it didn't agree to relay email).

Checking with a mail client

Another way to test your SMTP server is to set up a machine that shouldn't be allowed to use the server and try to send email through it.

You can use your workstation for this test, assuming that you haven't configured your SMTP server to allow it access. If you have, temporarily remove it from the permissions list for this test.

Configure your mail client to use your server as its outgoing (SMTP) mail server. Don't enter authentication information, just use the server address.

Then, try to send a message. You can address it to anyone (even yourself); just ensure that the address isn't one that is handled by the mail server that you are testing.

If the email goes through, you have an open relay. If the email is bounced back to you, you know that your mail server isn't letting just anybody send messages through it.

Restore your mail client's settings to what they were before you changed its outgoing mail server.

Summary

By default, Postfix does not run as an open relay. However, checking for one is simple and helps to reduce the chances of your server IP address ending up on a spam blacklist.

As soon as you install and set up any mail server, testing for an open relay is one of the basic checks that you should perform. For more information about setting up a mail server on Linux, return to the first article in this series about installing and configuring Postfix.



Was this content helpful?




© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER