Closing Relays
In order not to be considered "open," an e-mail relay should be configured to accept and forward only the following messages (details will vary from system to system - in particular, further restrictions may well apply):
- Messages from local IP addresses to local mailboxes
- Messages from local IP addresses to non-local mailboxes
- Messages from non-local IP addresses to local mailboxes
- Messages from clients that are authenticated and authorized
In particular, a properly secured SMTP mail relay should not accept and forward arbitrary e-mails from non-local IP addresses to non-local mailboxes on behalf of an unauthenticated or unauthorized user.
In general, any other rules which an administrator chooses to enforce (for instance, based on what an e-mail gives as its own envelope from address) must be in addition to, rather than instead of, the above. If they replace the above rules, the relay is still effectively open: it is easy to forge e-mail header and envelope information, whereas it is considerably harder to successfully forge an IP address in a TCP/IP transaction, because of the three-way handshake that occurs as a connection is started.
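The acceptance rules above can be written as a single relay decision. The following is an added example, not taken from any particular mail server; the networks, domains, and function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed site values, constructed for illustration (documentation ranges).
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.org"}


def is_local_ip(client_ip):
    """True if the TCP peer address lies inside one of the site's networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LOCAL_NETWORKS)


def is_local_mailbox(rcpt_to):
    """True if the recipient's domain is one this server delivers for."""
    _, _, domain = rcpt_to.rpartition("@")
    return domain.lower().rstrip(".") in LOCAL_DOMAINS


def relay_decision(client_ip, rcpt_to, mail_from="",
                   authenticated=False, authorized=False):
    """Return (accept, reason) for one recipient, following the rules above.

    mail_from is accepted but deliberately never consulted: the envelope
    sender is supplied by the client and is easy to forge, so it can only
    add restrictions, never grant relay permission.
    """
    if authenticated and authorized:
        return True, "authenticated and authorized client"
    if is_local_mailbox(rcpt_to):
        return True, "delivery to local mailbox"
    if is_local_ip(client_ip):
        return True, "local client sending to non-local mailbox"
    return False, "relay denied"


if __name__ == "__main__":
    # Constructed sample transactions: (client IP, RCPT TO, MAIL FROM).
    samples = [
        ("192.0.2.10", "alice@example.org", "bob@example.org"),
        ("192.0.2.10", "carol@example.net", "bob@example.org"),
        ("203.0.113.5", "alice@example.org", "dave@example.com"),
        ("203.0.113.5", "carol@example.net", "ceo@example.org"),  # forged sender
    ]
    for ip, rcpt, sender in samples:
        print(ip, rcpt, relay_decision(ip, rcpt, mail_from=sender))
```

The last sample claims a local envelope sender from a non-local address and is still refused, which is the behaviour a policy based on the envelope from address alone would fail to provide.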
Open relays have also resulted from security flaws in software, rather than misconfiguration by system administrators. In these cases, security patches need to be applied to close the relay.
Internet initiatives to close open relays have ultimately missed their intended purpose because spammers have created distributed botnets of zombie computers that contain malware with mail relaying capability. The number of clients under spammers' control is now so great that previous anti-spam countermeasures that focused on closing open relays are no longer effective.