Stop Mail Relay

[arvin1844]

example.com is a domain in my server. While testing using telnet, I can see example.com is open for relay and anyone can send mail from example.com without any authentication. How can we stop this?

Please see following test I have done.

#  telnet mail.example.com 25
Trying 10.10.10.10 ...
Connected to mail.example.com.
Escape character is '^]'.
220-mailserver.example.com ESMTP Exim 4.92 #2 Sat, 28 Sep 2019 06:46:11 -0400
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
HELO any.name.com
250 mailserver.example.com Hello any.name.com [1.2.3.4]
MAIL From: <[email protected]>
250 OK
RCPT to: <[email protected]>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: <[email protected]>
To: <[email protected]>
Subject: hello
.
250 OK id=1iEAFE-0002EJ-J2
QUIT
221 mailserver.example.com closing connection
Connection closed by foreign host.

 

[Jcats]

Did you do that locally within the server or you used telnet remotely? If local, try using a remote connection to relay.

 

[arvin1844]

I have tried this remotely. I have tried from many remote locations and all of them worked

 

[Jcats]

Can you PM me the server IP? cPanel by default does not act as an open relay.

 

[quietFinn]

example.com is a domain in my server. While testing using telnet, I can see example.com is open for relay and anyone can send mail from example.com without any authentication. How can we stop this?

Please see following test I have done.

#  telnet mail.example.com 25
Trying 10.10.10.10 ...
Connected to mail.example.com.
Escape character is '^]'.
220-mailserver.example.com ESMTP Exim 4.92 #2 Sat, 28 Sep 2019 06:46:11 -0400
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
HELO any.name.com
250 mailserver.example.com Hello any.name.com [1.2.3.4]
MAIL From: <[email protected]>
250 OK
RCPT to: <[email protected]>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: <[email protected]>
To: <[email protected]>
Subject: hello
.
250 OK id=1iEAFE-0002EJ-J2
QUIT
221 mailserver.example.com closing connection
Connection closed by foreign host.

As far as I understand you are not relaying email, you are connecting to mailserver.example.com and sending mail to [email protected], which is in the same server. You don't need to authenticate to do that.

 

[cPanelLauren]

An open relay is defined as the following:

An open relay (sometimes called an insecure relay or a third-party relay) is an SMTP e-mail server that allows third-party relay of e-mail messages. By processing mail that is neither for nor from a local user, an open relay makes it possible for an unscrupulous sender to route large volumes of spam.

So in order to be a relay your server needs to relay mail for domains that are not on the server. The proper test for this would be to do something like following:

$ telnet server.myserver.us 25
Trying <MYIPADDRESS>...
Connected to server.myserver.us.
Escape character is '^]'.
220-server.myserver.us ESMTP Exim 4.92 #2 Fri, 04 Oct 2019 11:37:51 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO cpanel.net
250-server.myserver.us Hello cpanel.net [<LOCALIPADDRESS>]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
MAIL FROM: [email protected]
250 OK
RCPT TO: [email protected]
550-Please turn on SMTP Authentication in your mail client.
550-hou-2.nat.myoffice.net (cpanel.net) [<LOCALIPADDRESS>]:35293 is not permitted
550 to relay through this server without authentication.

Where neither the MAIL FROM: or RCPT TO: domains exist on the server.

You can also use some tools that exist if you'd like to skip having to use telnet, mxtoolbox makes a really reliable Open Relay test which can be found here: Email Server Test - Online SMTP diagnostics tool - MxToolbox