Mail server open relay help

cannylad
Grafter
Posts: 98
Registered: 07-08-2007

Hi,
I received an email from the F9 abuse team: "It has come to our attention that a source of unsolicited email has been linked to your account with us"

I have checked my firewall settings, virus checks etc. and informed F9. I got a second email: "Please advise if you have a mail server that may have an open relay or be possibly infected."

How do I check this? Any advice would be appreciated as I haven't a clue how to resolve this problem, which I need to solve a.s.a.p.

Thanks
4 REPLIES
N/A

Are you running a mail server at all - Exchange, or the SMTP service within IIS?

Go to http://centralops.net and see if they can send an email through your IP. If they are successful, then it means that anyone can bounce mail off your IP address, making it appear that you were the original sender.

Try from a command prompt:

telnet localhost 25 <enter>
helo <enter>
mail from:bob@somedomain.com <enter>
rcpt to:yourmail@yourdomain.com <enter>
data <enter>
. <enter>

If you are unable to do any of that, then your computer is not an active mail relay. If you do get some response from this, then it might be open for SMTP relaying.

Look in Start / Control Panel / Admin Tools / Internet Information Services.

Look in there for an SMTP mail server. If you have one, then you can right-click and disable the SMTP part of IIS.
cannylad
Grafter
Posts: 98
Registered: 07-08-2007

Hi,
The command prompt comes back with " telenet" is not recognised as an internal command, and
Start / Control Panel / Admin Tools / Internet Information Services doesn't show on my computer (WinXP).

I tried the link you sent and the full reply was

Validation results
confidence rating: 3 - SMTP
The email address passed this level of validation
without an error. However, it is not guaranteed to be
a good address. more info
canonical address: <tynesider@tynesider.force9.co.uk>

MX records
preference exchange IP address (if included)
10 mx.core.plus.net [212.159.11.36]
20 mx.last.plus.net [212.159.7.98]

SMTP session
[Contacting mx.core.plus.net [212.159.11.36]...]
[Connected]
220 mx.core.plus.net ESMTP Exim Sun, 27 Nov 2005 12:55:07 +0000
EHLO hexillion.com
250-pih-mxcore17.plus.net Hello port-216-3077865-es150.devices.datareturn.com [216.46.246.233]
250-SIZE 104857600
250-PIPELINING
250 HELP
VRFY tynesider
252 Administrative prohibition
RSET
250 Reset OK
EXPN tynesider
550 Administrative prohibition
RSET
250 Reset OK
MAIL FROM:<HexValidEmail@hexillion.com>
250 OK
RCPT TO:<tynesider@tynesider.force9.co.uk>
250 Accepted
RSET
250 Reset OK
QUIT
221 pih-mxcore17.plus.net closing connection
N/A

That looks like it's trying to contact the mail f9 servers.

Basically, you need to see if port 25 is open on your machine...

Go to www.grc.com and then load up "Shields Up".

Do a port scan on your machine to see if port 25 tcp is open. If it is not, then there is nothing to worry about.
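
Added example, not part of any post in this thread: a small Python check that reads an SMTP session transcript and reports recipient domains the server accepted without being responsible for them, which is what separates an open relay from normal inbound delivery like the session quoted above. The sample transcripts are constructed (the first is shortened from the quoted session), `relayed_domains` is a hypothetical helper name, and the session is assumed to be unauthenticated.

```python
import re

# Constructed sample: shortened copy of the session quoted in the thread.
ISP_MX_SESSION = """\
220 mx.core.plus.net ESMTP Exim
EHLO hexillion.com
250-pih-mxcore17.plus.net Hello
250 HELP
MAIL FROM:<HexValidEmail@hexillion.com>
250 OK
RCPT TO:<tynesider@tynesider.force9.co.uk>
250 Accepted
QUIT
221 closing connection
"""

# Constructed sample: what an open relay looks like (hypothetical hosts).
OPEN_RELAY_SESSION = """\
220 mail.example.net ESMTP
HELO probe.example.org
250 mail.example.net
MAIL FROM:<a@example.org>
250 OK
RCPT TO:<b@example.com>
250 Accepted
"""

REPLY = re.compile(r"^(\d{3})([ -])")
RCPT = re.compile(r"^RCPT TO:\s*<[^>]*@([^>]+)>", re.I)

def relayed_domains(transcript, local_domains):
    """Return recipient domains the server accepted but does not host."""
    local = [d.lower() for d in local_domains]
    pending, relayed = None, []
    for line in transcript.splitlines():
        reply = REPLY.match(line)
        if reply:
            # Only the last line of a reply ("250 ", not "250-") settles a command.
            if reply.group(2) == " " and pending:
                is_local = any(pending == d or pending.endswith("." + d) for d in local)
                if reply.group(1).startswith("2") and not is_local:
                    relayed.append(pending)
                pending = None
            continue
        rcpt = RCPT.match(line.strip())
        pending = rcpt.group(1).lower() if rcpt else None
    return relayed
```

For the quoted session, `relayed_domains(ISP_MX_SESSION, ["force9.co.uk"])` returns an empty list: the ISP's server accepted mail for one of its own domains, which says nothing about the poster's machine.
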
cannylad
Grafter
Posts: 98
Registered: 07-08-2007

Thanks,
I did a check and got this report:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

So it looks good and that port 25 is OK.
Wonder why F9 sent me such an email in the first place?

Thanks very much for helping me out with the problem, I can relax now that I know it's OK.

Cheers
Tynesider