Open Relay Checker before Opening MTA

Matthew Hawkins matthew at
Mon Feb 11 10:22:33 EST 2002

On Sun, 10 Feb 2002, Daniel McNamara wrote:
> Due to a recent ugly incident where one of my work place mail servers was
> blacklisted for being an open relay (nothing major it was for some reason
> accepting null <> users to send mail bypassing IP range checks)

Heh, a misconfiguration based on good intentions.

Note that the internet standard says you MUST accept mail to the null
sender.  This is how bounces are sent.  BUT note that the null sender is
ALWAYS the *envelope* sender, and NEVER the *message header* sender (the
message header sender is usually changed to "MAILER-DAEMON" or sometimes

Some people are confused by the two, and always accept mail to the
message header null sender, making them an open relay.  It's a
surprisingly common misconfiguration.  If you want to be truly correct,
you should, rather, always *reject* mail from the message header null
sender.  It will *never* be null for legitimate mail.


More information about the linux mailing list