
Excerpt from MS Knowledgebase article:

http://support.microsoft.com/kb/304897

How to test for relay

You can test your SMTP server to determine if it is configured to relay e-mail messages. In the following examples, relay tests 1 through 5 are not accepted by the SMTP server and are immediately rejected. Tests 6 and 7 are accepted by the SMTP server, but the e-mail message is not relayed and the server eventually generates an NDR (Non Delivery Report).

To run the following relay tests, first start a Telnet session and connect to port 25 on your SMTP server:

  1. Start a command prompt.
  2. Type telnet ServerName 25, where ServerName is the SMTP server name or IP address and 25 is the port number, and then press ENTER.
  3. Type EHLO, and then press ENTER.

Relay test 1

This is the standard test for SMTP relay. An SMTP client must not be permitted to relay in this manner unless the administrator has specifically permitted it, or unless the client first authenticates. To do this test, follow these steps:

  1. At the Telnet session prompt, type RSET. The telnet session responds with text that is similar to the following:

250 2.0.0 Resetting

  2. Type MAIL FROM:UserName@DomainName.tld, where UserName is the name of the user, DomainName is the name of the domain, and tld is the top level domain such as .com or .net. The telnet session responds with text that is similar to the following:

250 2.1.0 UserName@DomainName.tld....Sender OK

  3. Type RCPT TO:RecipientName@DomainName.tld, where RecipientName is the e-mail address of the recipient. The telnet session responds with text that is similar to the following:

550 5.7.1 Unable to relay for RecipientName@DomainName.tld

Relay test 2

This test is almost the same as relay test 1, but the sender is a local user instead of a user in a remote domain. Because FROM addresses are generally used to gain unauthorized access to a system, the server must not relay the e-mail message. To do this test, follow these steps:

  1. At the Telnet session prompt, type RSET. The telnet session responds with text that is similar to the following:

250 2.0.0 Resetting

  2. Type MAIL FROM:LocalUser, where LocalUser is a local e-mail name for a user account in the domain, and then press ENTER. The telnet session responds with text that is similar to the following:

250 2.1.0 LocalUser@DomainName.tld....Sender OK

  3. Type RCPT TO:RecipientName@DomainName.tld. The telnet session responds with text that is similar to the following:

550 5.7.1 Unable to relay for RecipientName@DomainName.tld

Relay test 3

This test is for a NULL or blank FROM envelope address. NDRs and other notifications have a NULL FROM envelope address. However, notifications must not be relayed unless the domain in the TO address is a local domain. To do this test, follow these steps:

  1. At the Telnet session prompt, type RSET. The telnet session responds with text that is similar to the following:

250 2.0.0 Resetting

  2. Type MAIL FROM:<>, and then press ENTER. The telnet session responds with text that is similar to the following:

250 2.1.0 <>....Sender OK

  3. Type RCPT TO:RecipientName@DomainName.tld. The telnet session responds with text that is similar to the following:

550 5.7.1 Unable to relay for RecipientName@DomainName.tld

Relay test 4

This test is the same as relay test 2, but the local domain is explicitly added to the e-mail address. An SMTP server that is closed for relay must not relay this e-mail message. To do this test, follow these steps:

  1. At the Telnet session prompt, type RSET. The telnet session responds with text that is similar to the following:

250 2.0.0 Resetting

  2. Type MAIL FROM:UserName@DomainName.tld, where DomainName is the name of the local domain, and then press ENTER. The telnet session responds with text that is similar to the following:

250 2.1.0 UserName@DomainName.tld....Sender OK

  3. Type RCPT TO:UserName@DomainName.tld, and then press ENTER. The telnet session responds with text that is similar to the following:

550 5.7.1 Unable to relay for UserName@DomainName.tld

Relay test 5

This test is also the same as relay test 2, but the IP address of the server is used instead of the domain name. Although this address format is generally accepted, the server must not accept relay to a remote domain. In various other tests that use “localhost” or the Domain Name System (DNS) name of the server in the FROM address, the server must not relay e-mail messages that use this approach. To do this test, follow these steps:

  1. At the Telnet session prompt, type RSET. The telnet session responds with text that is similar to the following:

250 2.0.0 Resetting

  2. Type MAIL FROM:UserName@10.10.10.10, and then press ENTER. The telnet session responds with text that is similar to the following:

250 2.1.0 UserName@10.10.10.10....Sender OK

  3. Type RCPT TO:UserName@DomainName.tld, and then press ENTER. The telnet session responds with text that is similar to the following:

550 5.7.1 Unable to relay for UserName@DomainName.tld

Relay test 6

This test is specifically for older UNIX-based servers that route e-mail messages by appending the local domain and changing the at sign (@) to a percent symbol (%). The server then relays the mail. Because a percent symbol (%) is a valid character in the local part of the e-mail address, the SMTP server may accept the message and then send an NDR if the directory lookup fails. Microsoft SMTP products are not vulnerable to this kind of relay because the message is not forwarded and an NDR is generated. To do this test, follow these steps:

  1. At the Telnet session prompt, type RSET. The telnet session responds with text that is similar to the following:

250 2.0.0 Resetting

  2. Type MAIL FROM:UserName, and then press ENTER. The telnet session responds with text that is similar to the following:

UserName@DomainName.tld....Sender OK

  3. Type RCPT TO:UserName%DomainName.tld, and then press ENTER. The telnet session responds with text that is similar to the following:

250 2.1.5 UserName%DomainName.tld@DomainName.tldUserName@DomainName.tld

Note The local domain is appended to the recipient domain in the e-mail address.

Relay test 7

This test is a variation of relay test 6. Because the quotation mark character (") is a valid character in the local part of the e-mail address, the SMTP server accepts the message and then sends an NDR if the directory lookup fails. Microsoft SMTP products are not vulnerable to this kind of relay because the message is not forwarded and an NDR is generated. To do this test, follow these steps:

  1. At the Telnet session prompt, type RSET. The telnet session responds with text that is similar to the following:

250 2.0.0 Resetting

  2. Type MAIL FROM:UserName, and then press ENTER. The telnet session responds with text that is similar to the following:

UserName@DomainName.tld....Sender OK

  3. Type RCPT TO:"UserName@DomainName.tld, and then press ENTER. The telnet session responds with text that is similar to the following:

UserName@DomainName.tld"@DomainName.tld

Note The local domain is appended to the recipient domain in the e-mail address.

How to tell whether your SMTP server is closed to relay tests 6 and 7

When you run relay tests 6 and 7 against an Exchange 2000 computer, the tests generate a message to a recipient that does not resolve, and NDRs are received by the mailbox that is specified in Exchange System Manager. You can configure the mailbox for unresolved recipients in the properties of the default SMTP virtual server in the Forward all mail with unresolved recipients to host box on the Messages tab in Exchange System Manager.

The NDRs are evidence that the e-mail messages are not relayed.
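The seven tests above can be scripted and scored in one pass. The following is an added example, not part of the KB excerpt: it sends each envelope pair through a callable shaped like Python's `smtplib.SMTP.docmd` and classifies the RCPT TO reply. The domains, addresses, outcome labels and the `fake_closed_server` stand-in are constructed assumptions, and angle brackets are added around addresses per SMTP syntax.

```python
# Constructed placeholders: example domains and a documentation-range IP.
LOCAL, REMOTE = "local.example", "remote.example"
TESTS = {  # test number -> (envelope sender, envelope recipient)
    1: (f"user@{REMOTE}", f"rcpt@{REMOTE}"),
    2: ("localuser", f"rcpt@{REMOTE}"),
    3: ("", f"rcpt@{REMOTE}"),              # NULL sender, as used by NDRs
    4: (f"user@{LOCAL}", f"rcpt@{REMOTE}"),
    5: ("user@192.0.2.10", f"rcpt@{REMOTE}"),
    6: ("localuser", f"rcpt%{REMOTE}"),
    7: ("localuser", f'"rcpt@{REMOTE}"'),
}

def classify(test_no, rcpt_code):
    """Map the RCPT TO reply code to the outcome the excerpt describes."""
    if 500 <= rcpt_code < 600:
        return "closed"                     # rejected at RCPT, e.g. 550 5.7.1
    if rcpt_code == 250:
        # Tests 6 and 7 may be accepted; closed only if an NDR follows.
        return "accepted-verify-ndr" if test_no in (6, 7) else "RELAY-ACCEPTED"
    return "inconclusive"                   # 4xx or an unexpected code

def run_relay_tests(docmd):
    """docmd(cmd, args) -> (code, msg), same shape as smtplib.SMTP.docmd."""
    results = {}
    docmd("EHLO", "relaytest.example")
    for no, (sender, rcpt) in TESTS.items():
        docmd("RSET", "")
        code, _ = docmd("MAIL", f"FROM:<{sender}>")
        if code != 250:
            results[no] = "sender-rejected"  # never reached the relay decision
            continue
        code, _ = docmd("RCPT", f"TO:<{rcpt}>")
        results[no] = classify(no, code)
    docmd("QUIT", "")
    return results

def fake_closed_server(cmd, args=""):
    """Constructed stand-in that answers like the server in the excerpt."""
    if cmd == "RCPT":
        addr = args[len("TO:<"):-1]
        if "@" in addr and not addr.startswith('"') and not addr.endswith("@" + LOCAL):
            return 550, f"5.7.1 Unable to relay for {addr}"
        return 250, f"2.1.5 {addr}@{LOCAL}"
    return 250, "2.0.0 OK"

if __name__ == "__main__":
    for no, outcome in run_relay_tests(fake_closed_server).items():
        print(f"relay test {no}: {outcome}")
```

To check a server you administer, set `LOCAL` and `REMOTE` to your own domain and an external one, then pass `smtplib.SMTP(host, 25).docmd` in place of the stand-in.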

Simple fix for Exchange server:

Go into the properties of your SMTP virtual server and check the access/relay tab. Make sure that the Only in list below radio button is checked, and that the bottom check box is unchecked. If either of these is checked, spammers could be using your Exchange server to relay unsolicited email through your network.