Open Relay Checker before Opening MTA

Daniel McNamara daniel at cit-linux.net
Sun Feb 10 09:57:08 EST 2002


Hi there,

Due to a recent ugly incident where one of my workplace mail servers was
blacklisted for being an open relay (nothing major; it was for some reason
accepting null <> users to send mail, bypassing IP range checks), I found out
about a handy place called the Open Relay DataBase.

http://www.ordb.org/

This site allows you to test mail servers (yours or someone else's) and
keeps records of who asked for what tests, so there is full accountability
as well if anyone wants it. In my case the ORDB contacted us by email to let
us know that one of our mail servers was a potential open relay and that this
could lead to us being blacklisted by those who use the ORDB system for spam
prevention. After first fixing the mistake with our mail server, I went
digging and have decided to use the ORDB system to try and prevent our users
from receiving spam from known open relays. So far it has been relatively
successful.

The method for doing this is shown clearly in the site's FAQ:

http://www.ordb.org/faq/#usage

It contains instructions for a number of MTAs on how to use their system to
prevent mail from known open relays. Handy stuff. Since this system is
already in place you do not need to re-invent the wheel, and as Richard has
pointed out, performing your own open relay tests is sitting on shaky legal
grounds as well as possibly violating the AUP of your provider. I'd
recommend using a well-known system such as ORDB in order to show that you're
doing it for spam prevention purposes, NOT for spam propagation purposes.

Hope this helps you out.

Cheers

Daniel

----- Original Message -----
From: "Richard Cottrill" <richard_c at tpg.com.au>
To: "Neil Symons" <neil at goldweb.com.au>; <linux at lists.samba.org>
Sent: Sunday, February 10, 2002 2:21 AM
Subject: RE: Open Relay Checker before Opening MTA


> I'm wondering that you might open yourself to potential legal hassles by
> attempting to (even test) if the other server is an open relay. If there
> were a suitably motivated lawyer they might construe it as improper use of
> facilities or some such thing. I'm also a little worried that if this were
> to become a common practice that it might not scale too well. I suppose
> you'd really need an awful lot of servers on board before that happened.
>
> Richard
>
> > -----Original Message-----
> > From: linux-admin at lists.samba.org [mailto:linux-admin at lists.samba.org]On
> > Behalf Of Neil Symons
> > Sent: Saturday, February 09, 2002 1:59 PM
> > To: linux at lists.samba.org
> > Subject: Open Relay Checker before Opening MTA
> >
> >
> >
> >
> > I wonder if there is already something like this out there before
> > I write one myself.
> >
> >
> > When a mail server connects to me, I check my local blacklist to
> > see if the server is listed as an open relay, if not, then check my
> > goodlist, if not there then connect straight back at them and do
> > an open relay test.
> >
> > If all successful, then accept connection and open real Mail
> > Transport Agent (Mail server) and carry on through the e-mail.
> > And add them to my Goodlist
> >
> > If it is found to be open relay, then REJECT e-mail and also
> > e-mail postmaster of domain about what happened.
> > Add site to local blacklist.
> >
> > Once per day/week/month go through each blacklist and whitelist
> > to check if open relay and adjust accordingly.
> >
> > Even though this may use up bandwidth, it will at least be less
> > than the amount of junk mail received these days.
> >
> >
> > Does anyone have any suggestions to whether this is a practical
> > thing to do, or simply a stupid thing to do?
> >
> > Open for FLAME / SUGGESTIONS / POINTERS / DISCUSSION
> >
> > -- Neil
> >
> >
> > --
> > +----------------------------------------------------------+
> > > Neil Symons <neil at goldweb.com.au>                        <
> > > Goldweb Internet - (02) 62530059 BH  (0500) 528932 AH    <
> > > ICQ / UIN: 5255597 |  http://www.goldweb.com.au/~neil/   <
> > +----------------------------------------------------------+
> >
>
>
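
The thread above ends up recommending a lookup against a published open-relay list instead of probing the connecting server. A sketch of that lookup, combined with the local blacklist/goodlist cache from the first post, added here as an example and not code from any poster or from ORDB; the zone `dnsbl.example`, the 24-hour TTL and the names `RelayFilter` and `dnsbl_name` are assumptions.

```python
import ipaddress
import socket
import time

ZONE = "dnsbl.example"  # placeholder zone (assumption); use the one your list's FAQ gives
CACHE_TTL = 24 * 3600   # assumed: re-check cached verdicts once per day


def dnsbl_name(ip, zone=ZONE):
    """Build the query name: reversed octets (IPv4) or hex nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


class RelayFilter:
    def __init__(self, resolver=system_resolver, clock=time.time):
        self.resolver, self.clock = resolver, clock
        self.cache = {}  # ip -> (listed, expiry): blacklist and goodlist in one table

    def is_listed(self, ip):
        hit = self.cache.get(ip)
        if hit and hit[1] > self.clock():
            return hit[0]  # cached verdict, no DNS traffic
        answer = self.resolver(dnsbl_name(ip))
        # Listed hosts resolve inside 127.0.0.0/8; any other answer is treated
        # as "not listed" so a dead or wildcarded zone cannot block all mail.
        listed = answer is not None and answer.startswith("127.")
        self.cache[ip] = (listed, self.clock() + CACHE_TTL)
        return listed

    def smtp_verdict(self, ip):
        """Return an SMTP rejection line, or None to hand the session to the MTA."""
        if self.is_listed(ip):
            return "554 5.7.1 Rejected: %s is listed as an open relay" % ip
        return None
```

Only a DNS query leaves the host, so the connecting server is never probed. A failed lookup counts as "not listed", which keeps mail flowing if the list is unreachable.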




