What is an open SMTP relay server?
before understanding “what is an open SMTP relay server?” one should know what an “SMTP relay server” is? . If that is the case, then no issues, you can click on the below links to know more about it.
WTF is an SMTP relay and why is it called relay?
SMTP relay service a complete guide
So to put simply, an SMTP relay server is software used to send emails over the Internet. The SMTP servers are protected by username and password in order to avoid unauthorized use. Unfortunately, when these servers are not protected then they are called as an open relays.
For using an SMTP server you should have an SMTP client software. With the help of a client software one can create email and sometimes these softwares (in case of bulk mailing) also allows you to upload or assign a list of email addresses. You will then need to configure your SMTP relay server’s host, port, username, and passwords to these SMTP client softwares in order to make them work.
In old days all were Good And all were Open
Do you know? that back in the old days, when the Internet was newly born, most of the SMTP servers were just open relays. Until, spammers started to abuse them 🙁
Why is it important to avoid an open relay SMTP server?
An open relay server is like keeping your home door unlocked and waiting to get robbed. The open relay server is bad because of the following reasons:
- The spammers can use it to send spam to legitimate users
- The scammers and criminals can use to send scam, viruses, etc
- It takes lots of hard work and time to earn a good reputation for a sender IP. These reputation will get lost in no time if someone sends spam through it and it gets very difficult to earn it back.
Who creates an open relay SMTP server?
Of course, no one intentionally creates an open relay. It gets created due to a misconfiguration. Like using an old mail server softwares (which comes with default config to forward email belonging to any domain without authentication) or due to a misconfiguration like accepting emails from any host without any authentication.
How to check if your SMTP relay server is an open relay?
Open relay server is a SMTP server without any authentication. So you will need to check if you can send emails to any other domain using your SMTP server without any authentication.
There are 2 ways you can test if a server is an open relay or not:
1. Test an open relay SMTP using an online tool
2. Test an open relay SMTP yourself by using command line
Test an open relay SMTP using an online tool
Please follow the below given steps:
First visit below link of mxtoolbox – open relay SMTP test:
Then follow as per the instructions in the image:
Then check for the results. The MxToolBox also performs an open SMTP relay test. If your server is not an open relay then it will give result like in the below image:
Test an open relay SMTP yourself by using command line
You can find an open relay SMTP server using command line with telnet.
Lets test if Gmail’s SMTP server is an open relay (of course its not, it is just for educational purpose)
Type below commands:
telnet: open alt2.gmail-smtp-in.l.google.com 25
Server response:
220 mx.google.com ESMTP n4si549684wru.108 - gsmtp
Type next command
EHLO tester
Server response:
250-mx.google.com at your service, [165.227.86.208] 250-SIZE 157286400 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8
Type below command:
MAIL FROM:<tester@gmail.com>
Server response:
250 2.1.0 OK n4si549684wru.108 - gsmtp
Type below command:
RCPT TO:<tester@yahoo.com>
Server error response:
550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser n4si549684wru.108 - gsmtp 2020-02-17 16:07:46 SMTP ERROR: RCPT TO command failed: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser n4si549684wru.108 - gsmtp
If the above response would be something starting from code 250 with some success message like “250 2.1.0 OK xxx – gsmtp”. Then the server is an open relay server.
Now end the SMTP conversation
QUIT
Server response:
221 2.0.0 closing connection n4si549684wru.108 - gsmtp
How spammers found open SMTP relay servers online?
So if you think that nobody knows about your server IP or domain name, then it’s a misconception because they (spammers) scan all the IP addresses on the internet again and again.
The spammers found open SMTP relay servers online by scanning on port 25 of all the IP addresses on the Internet. If they find it open then scanner software tries sending an email. If that server accepts the mail then the scanner software disconnects (without actually sending an email) and then adds the IP address to the list of the open relay SMTP server list.
Now, you may think how is it even possible to scan all the IP addresses on the Internet? But sorry, the answer is yes, it is possible. Because, the total number of IP addresses theoretically possible is around 4 Billion. Which is a big number but not too big.
IP Address (version 4): {1 to 256 } . {1 to 256 } . {1 to 256 } . {1 to 256 }
So total different combinations can be 256 x 256 x 256 x 256 = 4 Billion (approx.).
Additionally, there are many IP which can not be used as public IP. So total available IP addresses which can be run as a SMTP server are even lesser.
Open relay SMTP server list
The open relay SMTP server list were used to get published over the internet. No, it was not published in order to help spammers :p. But to prevent the Spam. The Block-list provider and business email providers are supposed to store this list and prevent any emails entering into their system from the IP addresses content in the open relay list. However, as Open relay problem become less problematic then these types of list lost their importance and eventually got stopped (example: Open Relay Database – ORDB)
Currently, the open relay SMTP server list is still internally maintained by many Domain Based Blacklists (example: SORBS – The Spam and Open Relay Blocking System)
Conclusion:
Open SMTP relay server is a bad thing and you should avoid it at any cost.
The SMTP servers were started this way but then turned into a problem. Later, when the problem become less in occurrence due to awareness and improvements in software.
So this was all about open relay SMTP server.
Thank you for reading 🙂
Keep checking because I will be adding more stuff to this post.