.NET Magazine - Ask the Exchange Pros - Eliminate Open-Relay Annoyances


	FTPOnline

Channels

Conferences

Resources

Hot Topics

Partner Sites

Magazines

About FTP

	email article
	printer friendly
	more resources

Eliminate Open-Relay Annoyances
Configure Exchange 5.5's routing restrictions to prevent spammers from sending e-mail through your system.
by Ben Schorr and Jim McBee

September 2002 Issue

Q Some of my users' e-mail is being returned with a notice that says our Exchange 5.5 server is on an open-relay list. How did we get on this list and how do we get off of it?

—Kenneth, Charlotte, N.C.

A Jim: Kenneth, you're experiencing one of the more common problems Microsoft Product Support Services addresses—especially for Exchange 5.5 and the Internet Mail Service (IMS), and to a lesser degree for Exchange 2000. You've asked a big question with lots of dimensions. An open-relay list, also known as a black-hole list or a realtime black-hole list (RTBL), is a list of the IP addresses of SMTP (Simple Mail Transfer Protocol) servers through which any other SMTP server or client is allowed to relay messages. Unscrupulous individuals—spammers—find open relays on the Internet and use them to send thousands, even millions, of unsolicited messages. Someone probably received a spam message from your Exchange server and reported it to one or more of the organizations that maintain open-relay lists.

Ben: Some SMTP servers, virus scanners, and content-inspection systems use open-relay lists as criteria for rejecting inbound SMTP mail. Software such as MIMESweeper, XWall, and Praetor can be configured to check the lists for known spam sources and reject messages from those domains (see Resources). Some of the mail systems your users send mail to probably perform such checking and, as a result, have rejected messages from your server.

Jim: Many in the e-mail community consider open-relay lists to be a "form of terrorism" (not my words). However, I can tell you that since I implemented a system that looks up inbound IP addresses and checks an open-relay database, my personal spam intake has gone from about 35 messages a day to fewer than five. Ninety-nine percent of the rejected messages aren't legitimate.

Ben: Now, finally, we'll tell you how to get off the list. If you examine the nondelivery receipt (NDR) your user received, I bet you'll find the name of the service that lists your IP address. The three primary services are ORDB, which stands for Open Relay DataBase, MAPS, which stands for Mail Abuse Prevention System, and Osirusoft. These sites provide instructions on how to get off of their lists. Your Exchange server might be on more than one. Osirusoft has a link that enables you to test your e-mail server to see if it really is (or still is, if you've attempted to fix the hole) an open SMTP relay; you must connect to this link from your Exchange server for the test to work properly.