How to stop mail server being an open relay

book

Article ID: 179041

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

 

Resolution

It's been highlighted that an email server is an open relay and have been requested to switch off this configuration.

A server that is configured as an open relay posses a real threat to become compromised. Open Relay means that you have a configuration within your email server that will allow any outside connection relay emails via your mail server to the outside world.

With various types of email servers being used we will only cover the most common. If your email server does not appear on this list we'd recommend you referring to the manufacturers support for assistance.

Exchange 2007 & 2010:

If you have an Exchange 2007 or Exchange 2010 server and you discover that you are an Open Relay, there is a very simple command that you can run from the Exchange Management Shell to close this down.

The command is:

Get-ReceiveConnector "YourReceiveConnectorName" | Remove-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Replace "YourReceiveConnector" with the name of your Receive Connector and then run the command.

Exchange 2013 onwards:

For Exchange 2013 please refer to the following guide from Microsoft here

Lotus Domino:

To configure a Lotus Domino server from being an Open relay please do the following:

  1. Go to the Router/SMTP tab > Restrictions and Controls Tab > SMTP INbound Controls Tab > and in the Inbound Relay Controls Section set the following to an Asterisk (*)
  • "Deny Messages to be sent to the following external internet domains:" (* means all)
  • "Deny messages from the following internet hosts to be sent to external domains:" (* means all)

Testing if you are still an open relay.

There are many external sites that offer Open Relay checks a simple search online will provide you a selection. One of the better ones out there is on MX Toolbox here