Could someone tell me if my door is wide open?
May 15, 2007 2:12 AM
I believe the mail server associated with my domain name is acting as an open relay. Hosting company claims everything's good. How can I double-check?
I'm building a website to advertise my services as a freelance translator, and to that effect I recently bought a domain name and one year's worth of web hosting at a well-known hosting company. My website is not up yet, but I have now switched all my work-related e-mail to the address associated with my new domain name.
A few days ago, a couple of my clients reported that their spam filters had mistakenly filtered out some of my messages, which worried me enough that I decided to look into possible reasons. It was then that I discovered that the SMTP server provided by my hosting company is apparently accepting all incoming connections without even requesting a username and password. I'm no expert in e-mail protocols, but if I'm not mistaken that's what's commonly called an open relay, which I understand is a very bad thing.
I immediately contacted tech support at my hosting company about this. They insisted that everything is hunky-dory and referred me to this site, which says my mail servers seem to be closed to relaying. I'm not convinced, though: right now, using PopCorn (a lightweight e-mail client), I'm consistently able to send e-mail without a username or password and using whatever "From:" and "Reply-to:" address I care to give. Again, I'm not an expert, but this doesn't look right to me.
For the record, the SMTP server will take my username and password if I bother to give one - it just seems to send the e-mail just as well if I don't. If I try to login with SSL, Outlook does warn me that "The certificate's CN name doesn't match its passed value", but it behaves normally if I choose to ignore it.
Right now I'm quite concerned about my mail server being blacklisted, used to relay spam, used to spoof my e-mail address or any combination thereof. Could the networking experts in the Hive Mind confirm whether the symptoms I have described are indeed something to be concerned about?
If this is as worrying as I have so far assumed it is, what are my options apart from switching to a different hosting provider?
Thanks in advance everyone!
(note that the smtp example only tells you anything if you're telnetting in from a different host than the one running the mail server -- it's common for mail servers to not require authentication from localhost)
posted by breath at 2:34 AM on May 15, 2007
Best answer:
The way this works with Pair (where my e-mail is hosted) is that once you log in (via IMAP, POP, shell, whatever), then your IP is temporarily whitelisted for SMTP access.
Assuming you are already authenticated, it's important to be able to send mail using From: headers from different hosts (for obvious reasons) - so you need more info than that before you can assume it's misconfigured.
Try sending SMTP from an IP address where you've never actually checked your mail.
posted by helios at 2:38 AM on May 15, 2007
Yeah, first see if it works when you haven't checked your mail for ages.
There are lots of other possible reasons for delivery problems. Maybe there's a spammer on the server, or a few people incorrectly flagged a newsletter as spam, or the volume of messages to a particular ISP triggered something, or maybe the server doesn't have reverse DNS configured.
posted by malevolent at 4:45 AM on May 15, 2007
Open Relay Test -- There are a lot of similar web sites out there...
posted by gadha at 5:02 AM on May 15, 2007
Yes, there are plenty of tools on the web to check for Open Relays. I use this one, but gadha's might be equivalent.
posted by stovenator at 5:20 AM on May 15, 2007
Best answer: Some ISPs will use 'SMTP-after-POP'... that is, after authenticating for POP3 mail, for some period of time, they'll allow unrestricted connections from your IP address. It will look like an open relay to you for awhile after getting your mail... because it is! To really test properly with telnet, you have to turn off your mail client and leave it off for an hour or so, or else test from a completely different IP address.
It's essentially certain that if it were really an open relay, you'd know it. The ISP would know it too. Open relays are usually exploited within minutes, and the Net will start rejecting mail from one within hours. If the antispammers think it's deliberate, whole netblocks can get marked as dirty, so that nobody at the ISP can properly send mail. You would, in other words, be screaming at your ISP that all your mail was getting lost.
When you have issues like this with single, isolated people, it's nearly certain that it's something to do with their spam filter, not your server.
posted by Malor at 5:45 AM on May 15, 2007
I wouldn't necessarily assume the worst here, either.
You can look up the IP of your mailserver on the Distributed Sender Blackhole List, but chances are you'd know immediately if there was a serious problem, like Malor said.
Stuff gets bounced into the spam folder sometimes. It's going to happen occasionally.
Anyway, if you're really paranoid, there are third party mail services available. Even google provides one now...
posted by ph00dz at 6:02 AM on May 15, 2007
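Two of the checks suggested above, malevolent's "maybe the server doesn't have reverse DNS configured" and ph00dz's "look up the IP of your mailserver on a blackhole list", are both plain DNS queries. The following is an added example written for this page, not code from any commenter: a DNSBL lookup (reverse the octets, query them under the list's zone, treat an answer in 127.0.0.0/8 as a listing and NXDOMAIN as not listed) and a PTR check with forward confirmation. The resolver is injectable so the same code runs offline against the constructed tables at the bottom; the zone name dnsbl.example, the IPs and the hostnames are placeholders, not values from the thread.

```python
"""Added example: DNSBL lookup and reverse-DNS (PTR) check for a mail server IP.

Both checks are ordinary DNS queries, so the resolver is a parameter: the real
functions default to the socket module, and the constructed tables at the
bottom let the same code run offline.  dnsbl.example, the IPs and hostnames
are placeholders (assumptions), not taken from the thread.
"""
import ipaddress
import socket


def reversed_octets(ip):
    """192.0.2.25 -> 25.2.0.192, the label order DNSBL zones are keyed on."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split(".")))


def dnsbl_lookup(ip, zone, resolve=socket.gethostbyname):
    """Return the list's answer (e.g. '127.0.0.2') if `ip` is listed in `zone`,
    None if not.  A listing is an A record inside 127.0.0.0/8; NXDOMAIN
    (socket.gaierror) means not listed."""
    name = f"{reversed_octets(ip)}.{zone}"
    try:
        answer = resolve(name)
    except socket.gaierror:
        return None
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return answer
    # A wildcard or hijacked zone can answer with a public address; that is
    # not a listing and must not be reported as one.
    return None


def ptr_check(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname):
    """Does the IP have a PTR, and does that name resolve back to the IP
    (forward-confirmed reverse DNS)?  Receiving MTAs score on both."""
    try:
        hostname, _, _ = reverse(ip)
    except socket.herror:
        return {"ptr": None, "fcrdns": False}
    try:
        forward_ip = forward(hostname)
    except socket.gaierror:
        forward_ip = None
    return {"ptr": hostname, "fcrdns": forward_ip == ip}


def check_mail_server(ip, zones, resolve=socket.gethostbyname,
                      reverse=socket.gethostbyaddr):
    """One report for an outbound mail server IP: PTR status plus every zone
    that lists it (empty dict means listed nowhere)."""
    report = ptr_check(ip, reverse=reverse, forward=resolve)
    hits = {z: dnsbl_lookup(ip, z, resolve) for z in zones}
    report["listed_in"] = {z: a for z, a in hits.items() if a}
    return report


# --- constructed offline data, not real DNS ---------------------------------
FAKE_A = {
    "25.2.0.192.dnsbl.example": "127.0.0.2",     # 192.0.2.25 is listed here
    "mail.example.net": "192.0.2.25",            # PTR name resolves back: FCrDNS ok
    "7.100.51.198.wild.example": "203.0.113.9",  # wildcard answer: not a listing
}
FAKE_PTR = {"192.0.2.25": "mail.example.net"}    # 198.51.100.7 has no PTR


def fake_gethostbyname(name):
    """Stand-in for socket.gethostbyname backed by FAKE_A."""
    try:
        return FAKE_A[name]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known")


def fake_gethostbyaddr(ip):
    """Stand-in for socket.gethostbyaddr backed by FAKE_PTR."""
    if ip in FAKE_PTR:
        return FAKE_PTR[ip], [], [ip]
    raise socket.herror(1, "Unknown host")


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7"):
        print(ip, check_mail_server(ip, ["dnsbl.example", "wild.example"],
                                    resolve=fake_gethostbyname,
                                    reverse=fake_gethostbyaddr))
```

Against a real server, call `check_mail_server("<your MX IP>", ["<zone of the list you consult>"])` with the defaults and the socket module does the queries; the wildcard case in the fake data is there because some lapsed list zones answer every query, which would otherwise read as "listed everywhere".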
There's no authentication with SMTP usually. What happens is that a mail server contacts another and leaves a message. If the receiving mail server is the mail server for foo.com then it will accept all messages addressed to user@foo.com. No authentication needed. (Who would authenticate anyway?)
An open relay is when the mail server for foo.com accepts mail for user@bar.com and delivers it. It's openly relaying the mail, thus acting as a proxy for spammers. Both scenarios have no authentication.
Investigating spam filter reasoning is like contemplating the mind of a god. You usually have no idea why your message was flagged as spam unless you're one of the admins who runs the spam filter. With a closed source product you have no idea. What criteria does Outlook's spam filter use? Who knows. And it changes monthly.
The real solution here is just learning to live with your emails being flagged as spam now and again and making sure users are taught to check the spam folder frequently. And asking them to whitelist your domain.
Welcome to the wonderful world of hosting your own email!
posted by damn dirty ape at 7:06 AM on May 15, 2007
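The test Malor describes with telnet, and the distinction damn dirty ape draws between accepting mail for your own domain and relaying it for someone else's, can be driven from a script. What follows is an added example written for this page, not code posted by anyone in the thread: it connects without SMTP AUTH, gives an outside sender, then asks for a recipient in the server's own domain (should be accepted, that is the MX doing its job) and a recipient at a foreign domain (must be refused on a closed relay). It issues RSET and QUIT after RCPT TO, so no message is ever delivered. The FakeSMTP class is a constructed stand-in for the hosting company's server, with a switch that models POP-before-SMTP whitelisting so you can see why the poster's own client made the server look open; all host and address names are placeholders.

```python
"""Added example: a hand-rolled open-relay probe in Python.

Same test the thread describes with telnet: connect without SMTP AUTH, give an
outside sender, then ask for (a) a recipient in the server's own domain and
(b) a recipient at a foreign domain.  Accepting (a) is the MX doing its job;
accepting (b) is relaying.  RSET and QUIT follow RCPT TO, so nothing is ever
delivered.  Host and address names are placeholders (assumptions).
"""
import smtplib


def interpret(code):
    """Classify a MAIL FROM / RCPT TO reply code (RFC 5321)."""
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "tempfail"      # greylisting or rate limiting: retry later
    return "rejected"


def relay_probe(conn, helo_name, outside_sender, local_rcpt, foreign_rcpt):
    """Run one relay test over `conn`: anything with the smtplib.SMTP methods
    ehlo/helo/mail/rcpt/rset/quit, each returning (code, message).
    Returns the per-step verdicts plus an overall verdict."""
    out = {}
    code, _ = conn.ehlo(helo_name)
    if code != 250:
        conn.helo(helo_name)
    code, _ = conn.mail(outside_sender)
    out["mail_from"] = interpret(code)
    if out["mail_from"] != "accepted":
        conn.quit()
        out["verdict"] = "sender rejected; relaying not testable with this sender"
        return out
    code, _ = conn.rcpt(local_rcpt)
    out["local_rcpt"] = interpret(code)
    code, _ = conn.rcpt(foreign_rcpt)
    out["foreign_rcpt"] = interpret(code)
    conn.rset()        # discard the envelope; we never reach DATA
    conn.quit()
    if out["foreign_rcpt"] == "accepted":
        out["verdict"] = ("relays for this client: open relay, or this IP is "
                          "whitelisted (POP-before-SMTP); retest from a host "
                          "that has never fetched mail from the account")
    elif out["local_rcpt"] == "accepted":
        out["verdict"] = "closed relay: accepts its own domain only"
    else:
        out["verdict"] = "rejects both recipients: not the MX for that domain?"
    return out


def probe_live(host, port=25, helo_name="probe.example",
               outside_sender="tester@outside.example",
               local_rcpt="postmaster@example.net",
               foreign_rcpt="relaytest@elsewhere.example"):
    """Probe a real server.  Use addresses you control and run it from an IP
    that has not authenticated to `host` for a good while."""
    conn = smtplib.SMTP(host, port, timeout=30)
    return relay_probe(conn, helo_name, outside_sender, local_rcpt, foreign_rcpt)


class FakeSMTP:
    """Constructed stand-in for the hosting company's MTA, for offline runs.
    client_whitelisted=True models POP-before-SMTP: this client IP fetched
    mail recently, so the server relays for it without SMTP AUTH."""

    def __init__(self, local_domain, client_whitelisted=False):
        self.local_domain = local_domain.lower()
        self.client_whitelisted = client_whitelisted
        self.transcript = []   # (command, reply code) pairs, for inspection

    def _reply(self, line, code, msg):
        self.transcript.append((line, code))
        return code, msg.encode()

    def ehlo(self, name=""):
        return self._reply(f"EHLO {name}", 250, "mail.hosting.example")

    def helo(self, name=""):
        return self._reply(f"HELO {name}", 250, "mail.hosting.example")

    def mail(self, sender):
        return self._reply(f"MAIL FROM:<{sender}>", 250, "2.1.0 Ok")

    def rcpt(self, recip):
        domain = recip.rpartition("@")[2].lower()
        if domain == self.local_domain or self.client_whitelisted:
            return self._reply(f"RCPT TO:<{recip}>", 250, "2.1.5 Ok")
        return self._reply(f"RCPT TO:<{recip}>", 554, "5.7.1 Relay access denied")

    def rset(self):
        return self._reply("RSET", 250, "2.0.0 Ok")

    def quit(self):
        return self._reply("QUIT", 221, "2.0.0 Bye")


ARGS = ("probe.example", "tester@outside.example",
        "postmaster@example.net", "relaytest@elsewhere.example")

if __name__ == "__main__":
    # Same server, two client situations; the second is what the poster saw.
    print(relay_probe(FakeSMTP("example.net"), *ARGS)["verdict"])
    print(relay_probe(FakeSMTP("example.net", client_whitelisted=True), *ARGS)["verdict"])
```

The whitelisted run is the point: the server has not changed, only the client's recent history has, which is why the thread's advice is to test from an address that has never logged in to the account (or after leaving the mail client off for a while).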
Response by poster: Looks like you're probably right and my mail server is using SMTP after POP, because every test I'm throwing at it is coming up negative. I'll try to telnet from a different computer just to be on the safe side, but I feel distinctly less panicky already.
Thanks for putting my mind at ease, Hive Mind. I'll go back to the time-honoured tradition of blaming the spam filters. :)
posted by doctorpiorno at 7:32 AM on May 15, 2007
If you can log onto the server, f.i. with ssh, type the following command:
telnet relay-test.mail-abuse.org
posted by donut at 1:26 PM on May 15, 2007
http://www.dnsstuff.com
Some tools that you can use there.
But they might just be using pop-before-smtp.
posted by drstein at 7:04 PM on May 15, 2007
As for remedies, I think switching is pretty much it. You might be able to get their ips blacklisted on some DNSBLs, but that seems more vindictive than useful, and you'd do it after you'd switched anyway.
posted by breath at 2:29 AM on May 15, 2007