My mail server has recently been identified as an open relay, what should I do?
Mar 13, 2006 10:04 AM
When a message is received and it is to a remote address (to a domain that is not in Domains & Accounts) it must be authorized using one of three relay checks:
Mail Service - Security
1. Is an IP in Relay From: (recommend only private IP's - default)
2. POP3 before send (Default is on)
3. SMTP Auth (Can be used any time by configuring email client)
If the connecting IP is using any one of the above options they will be allowed to relay.
Search your SMTP and POP3 logs for the IP address of the connecting server. If the IP is using POP3 or SMTP to authenticate you will need to identify the account they are using and determine if it's a trusted IP, if not, you should temporarily disable the account so relaying does not continue, or change the password on the account.
If the IP is not using POP3 or SMTP to authenticate then the IP must be in the relay from: field and you need to remove it.