Open Relay Exchange


  • 7/27/2019 Open Relay Exchange


    Blocking Open Relays


    An increasing number of spammers are exploiting open e-mail relays to send spam and

    disguise the true source of their messages. Open relays are e-mail servers that are configured

    to accept and transfer e-mail on behalf of any user anywhere, including unrelated third

    parties. If your computer acts as an open relay, it allows any e-mail sender anywhere to send

    messages.

    How spammers detect open relays

    Spammers use automated software to scan the Internet trying to find open relays. If they find

    out that your server is open, they will probably send spam through it. The software they are

    using scans a range of Internet IP addresses by trying to establish a network connection on

    port 25. If the connection succeeds, an IP address is listed and used for sending.

    There are at least two advantages for the spammers:

    - This technique lets spammers hide their identities because it appears that the spam actually comes from you. This makes it extremely hard to track them down.

    - It is virtually impossible for them to get caught by their ISP. All ISPs prohibit sending spam from their networks. If the spammers cannot be tracked down, they cannot be reported to their ISP, which would otherwise close their account for violating the Acceptable Use Policy.

    Recipients of the spam sent from your computer could flood your server with complaints. The

    spam and resulting e-mail traffic could overwhelm your system. If you are maintaining an

    open relay, you are leaving your door open to the theft of your computer services.

    How ISPs reject messages from open relays

    When you send messages from an SMTP server running on your computer, some ISPs perform a relay check. They identify your computer's IP address and try to establish a connection to port number 25, which is the port used to send e-mail. If the server on your computer accepts the connection, your message is rejected.

    Detection

    PostCast Server has a feature that allows you to check if your computer runs as an open relay.

    Open the Setup Wizard from the Tools menu and press the "Open Relay" button in the

    Network Diagnostics step:

    Blocking Open Relays http://www.postcastserver.com/help/Blocking_Open_Relays.aspx

    1 of 4 16/03/13 23:38


    Solutions

    Accept only connections from local computer or LAN

    When you enter your Internet IP address in the Host Name text box in the Settings screen,

    everyone can connect to the server from the Internet. You can run the server using the

    Internet IP address, but you need to either change the port number or allow access only to

    certain IP addresses.

    If you do not need to accept connections from the Internet, select the LAN IP address or

    127.0.0.1 in the Host Name drop down list in the Settings screen:

    Change the port number

    Change the port number from 25 to some random number (1-65535). Instruct the users to change the settings in their e-mail programs. This will trick the IP scanner software because your port 25 will be closed and your computer will not respond to its queries. Make sure that no other SMTP server software is running on your system, including the "Simple Mail Transfer Protocol (SMTP)" service if you are running Windows NT, 2000, XP, or 2003:


    Restrict access to a list of IP addresses

    The basic way to implement e-mail relay protection is to configure your e-mail server to allow only certain TCP/IP addresses and address ranges to relay through your server. With this technique, your e-mail server will reject any relay attempt from TCP/IP addresses outside of your network.

    If, for example, computers on your network have IP addresses that begin with 192.168.0, go

    to Tools>Settings>Security and enter that as a value in the "Allow access ONLY for users with

    these IP addresses" list:
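
    The relay restriction described above as a decision function, in an added example that is not PostCast Server code: the function names, the local domain example.org and the sample addresses are assumptions. It goes slightly beyond the text by converting a partial address such as 192.168.0 into an exact network, because plain string-prefix matching would let an entry like "192.168.1" also match 192.168.10.x.

```python
import ipaddress


def prefix_to_network(prefix):
    """Turn a partial dotted address such as "192.168.0" into an exact network.

    One to four octets are accepted: "192.168.0" becomes 192.168.0.0/24.
    """
    octets = prefix.strip().rstrip(".").split(".")
    try:
        values = [int(o) for o in octets]
    except ValueError:
        raise ValueError(f"not a dotted IPv4 prefix: {prefix!r}") from None
    if not 1 <= len(values) <= 4 or any(v < 0 or v > 255 for v in values):
        raise ValueError(f"not a dotted IPv4 prefix: {prefix!r}")
    padded = values + [0] * (4 - len(values))
    dotted = ".".join(str(v) for v in padded)
    return ipaddress.ip_network(f"{dotted}/{8 * len(values)}")


def naive_prefix_match(prefix, client_ip):
    """String comparison, shown only to expose its failure mode."""
    return client_ip.startswith(prefix)


def relay_decision(client_ip, rcpt_to, relay_networks, local_domains):
    """Decide one RCPT TO command: returns (accepted, reason)."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "unparseable client address"
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    local_part, at, domain = rcpt_to.strip("<>").rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not local_part or not domain:
        return False, "malformed recipient"
    # Mail for our own domains is inbound delivery, not relaying.
    if domain in local_domains:
        return True, "recipient is hosted here"
    # Anything else is a relay request and needs an allowlisted client.
    if any(addr in net for net in relay_networks):
        return True, "client is on the relay allowlist"
    return False, "relaying denied"


# Constructed configuration for the example (assumed values).
RELAY_NETWORKS = [prefix_to_network("192.168.0"), ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example.org"}

if __name__ == "__main__":
    for ip, rcpt in [
        ("192.168.0.25", "bob@example.net"),    # LAN client relaying outward
        ("203.0.113.9", "alice@example.org"),   # Internet host, local recipient
        ("203.0.113.9", "bob@example.net"),     # Internet host trying to relay
    ]:
        print(ip, rcpt, relay_decision(ip, rcpt, RELAY_NETWORKS, LOCAL_DOMAINS))
```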


    Port 25 Blocking


    Many ISPs are blocking what is called "Port 25" which is the port used to send e-mail. They are

    doing this to cut down on the amount of spam that is sent from their networks.

    All e-mail sent via the Internet is routed through port 25, the channel used for communication between an e-mail client and an e-mail server. Even though port 25 blocking will probably become an industry standard, the filter can create problems for e-mail servers and block legitimate e-mail as well as spam.

    Port 25 blocking allows ISPs to block spam sent out through their networks, but it tends to punish innocent users who need to send through e-mail servers other than those belonging to their ISP. The ISPs that block port 25 require their own SMTP server to be used instead of a remote SMTP server or an SMTP server running on your computer.

    How port 25 is used

    All e-mail sent via the Internet is routed through port 25. When an e-mail server that runs on your computer delivers messages, it always uses port 25 to transmit data to remote e-mail servers. Therefore, if your ISP is blocking the port, your messages will not get through. There are two different ways port 25 is used by PostCast Server:

    Incoming Connections

    PostCast Server uses port 25 to accept incoming connections from e-mail clients. You can

    freely change that value in both server and client program and everything will continue to

    work because all TCP/IP connections are directed to your computer. Unless you block

    connections to your computer, the program will accept messages using any port number you

    specify (1-65535).

    Outgoing Connections

    PostCast Server also uses the port 25 for sending. It connects to remote servers and delivers

    the messages from the Outbox folder. Exactly the same rules apply except that every remote

    server expects the connection ONLY on port #25. This is the standard port number and while

    you can change the port number in the program to allow clients to send the messages

    internally, the remote servers always use port 25. If your ISP blocks remote connections to

    port 25, you cannot send any messages. PostCast Server will not be able to connect to the

    remote servers.

    ISPs that block Port 25

    This list contains some of the major ISPs that block port 25 on their servers:

    - AT&T (can be unblocked at the request)
    - MindSpring
    - BellSouth
    - MSN
    - CableOne
    - NetZero
    - Charter
    - People PC
    - Comcast ATTBI
    - Sprynet
    - Cox
    - Sympatico.ca
    - EarthLink
    - Verio
    - Flashnet
    - Verizon
    - MediaOne

    Related News Stories

    - Anti-spam tool brings MSN under fire: http://www.zdnet.com/zdnn/stories/news/0,4586,5080821,00.html
    - Hotmail spam filters block outgoing e-mail: http://news.com.com/2009-1023-251171.html?legacy=cnet
    - MSN filter sparks subscriber ire: http://news.com.com/2100-1023-255459.html?legacy=cnet&tag=bplst

    Detection

    You can detect whether your ISP blocks port 25 using the Setup Wizard in PostCast Server. In

    the Network Diagnostics step, press the "Port 25 blocking" button to run the test:

    You can also see if the port is blocked by running a telnet command:

    Press Start/Run and enter:

    telnet://[emailserver]:25

    Replace [emailserver] with the address of any external e-mail server. For example:

    mx1.hotmail.com

    mail.telenet.net.au

    Do not use your ISP's e-mail server address. If the port is not blocked, you should receive a response starting with the '220 ' string.
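
    The telnet check above as a small script, in an added example that is not part of PostCast Server: the function names and status labels are assumptions. It also accepts a multi-line greeting that starts with "220-", and it separates "connection failed" from "connected, but the greeting was not 220".

```python
import socket


def classify_greeting(data):
    """Classify the first line a server sends after the TCP connection opens."""
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    code = line[:3]
    # "220 " is the normal greeting; "220-" starts a multi-line greeting.
    if code == "220" and line[3:4] in ("", " ", "-"):
        return "open", line
    if len(code) == 3 and code.isdigit():
        # An SMTP reply, but the server is refusing service (for example 421 or 554).
        return "smtp_not_ready", line
    return "not_smtp", line


def probe_port25(host, port=25, timeout=10.0):
    """Connect to host:port and report (status, detail).

    Use an external e-mail server, not your ISP's own, as the page instructs.
    """
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # covers timeouts, refusals and unreachable routes
        return "blocked_or_unreachable", str(exc) or type(exc).__name__
    data = b""
    with conn:
        conn.settimeout(timeout)
        try:
            # Read until the first complete line; greetings are short.
            while b"\n" not in data and len(data) < 512:
                chunk = conn.recv(512)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # fall through with whatever arrived before the error
    if not data:
        return "no_greeting", "connected, but nothing was sent"
    return classify_greeting(data)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        print(probe_port25(sys.argv[1]))
    else:
        # Constructed greeting bytes, so the script also runs offline.
        print(classify_greeting(b"220 mx.example.net ESMTP ready\r\n"))
```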

    Solutions

    To bypass the port 25 blocking you have these options:

    Use a different ISP

    You can use a different ISP to connect to the Internet. Smaller local ISPs usually do not block

    Port 25. Here are some web sites that can help you find thousands of ISPs:

    http://www.findanisp.com/

    http://www.thelist.com/

    http://www.isps.com/

    Use socks proxy servers

    You can send e-mail using the socks proxy access to a computer on the Internet. This feature

    enables you to relay e-mail through other servers. When the message is sent using a

    third-party socks proxy, your IP address does not appear as the source of the message.

    The best solution is to connect to your ISP's socks proxy directly if it is provided by the ISP.

    Some ISPs offer access to their socks proxy server. See if your ISP provides socks proxy

    access in the support section on their web site. If they do, you can use their socks proxy

    server address to configure the program to send messages. Their server's (non-dynamic) IP

    address will be the source of your outgoing messages instead of your dynamic IP address

    assigned to your computer at the moment your Internet connection is established.

    Use backup SMTP servers

    You can specify one or more backup SMTP servers and instruct the program to forward all

    messages to them. This is not a complete solution because the program will still be unable to

    send messages from your computer. For more information, see SMTP Gateways.

    If you do not need to send messages

    If you only want to receive messages sent to the server you can use the "Mail Reflector"

    service offered by no-ip.com. This service enables them to be the primary e-mail exchanger

    for your domain. When e-mail destined for your domain arrives at their servers, they forward

    it on to your inbound e-mail server, which can be on a different (and unblocked) port of your

    choosing. Price is $39.95 per year. See this web page for more information: http://www.no-ip.com/services/mail/reflector


    Port 25 Blocking http://www.postcastserver.com/help/Port_25_Blocking.aspx

    3 of 4 16/03/13 23:39


    DNS Lookups


    This method tries to eliminate spam sent by e-mail servers connected through Internet dial-up

    connections, as well as most ADSL and cable connections. IP addresses of those connections

    are usually not registered to any DNS as a qualified host meaning that they do not have their

    own static IP and a registered host name like mail.domain.com.

    A DNS lookup uses an Internet domain name to find an IP address, whereas a reverse DNS lookup uses an Internet IP address to find a domain name. The reverse DNS lookup technique can identify whether the sending e-mail server is legitimate and has a valid host name.

    Many spammers use misconfigured hosts to disguise the source of the spam. A DNS query

    that does not recover a matching host name and IP address is a good indication that the

    message is spam.

    DNS lookup is not always a good solution. Many legitimate e-mail servers are incorrectly configured, or have intentionally not registered a name with DNS, so a reverse query does not return a matching host name. Also, this anti-spam method runs DNS queries on a large number of e-mails and consumes valuable network resources. A number of problems, including network delays and improperly configured networks or servers, can prevent legitimate messages from getting through the filter. In January 2003, AT&T WorldNet started using reverse DNS and was forced to remove the filter just 24 hours after it was deployed, after subscribers reported that messages were going undelivered.

    Ways to do DNS lookups

    Reverse DNS lookup

    This method is time-consuming and it is rarely used. The receiving server performs a reverse DNS lookup on the IP address of the incoming connection and checks if there is a valid domain name associated with it.

    HELO lookup

    The receiving server will get the host name of the sending e-mail server from the SMTP HELO

    command, perform a simple DNS query (forward DNS lookup) and verify that the IP address is

    indeed the IP address of the incoming connection. If the resulting IP address does not match

    the incoming connection IP address (sender's IP address), e-mail is rejected.

    Sender's address lookup

    When ISPs check whether an incoming e-mail is accepted, they can do a DNS check on the

    sender's e-mail address. For example, if your address is , then the ISP does an nslookup on

    domain.com. If no records are found - the message is rejected.

    A variation of this method is checking whether there is an MX DNS record for domain.com. The MX record returns an address like mx1.domain.com used to connect to the server that accepts messages for domain.com. Even if the domain in the sender's e-mail address is valid, the message is not accepted if there is no e-mail server for domain.com.
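
    The three lookups described above, written from the receiving server's side as an added example (not code from PostCast Server or any ISP). The resolver class, all host names and all addresses are constructed so that the checks run offline; each check reports its own result, because, as noted earlier, legitimate servers can fail these tests.

```python
# Constructed zone data standing in for real DNS answers (assumption for the example).
A_RECORDS = {
    "mail.example.org": ["198.51.100.10"],
    "example.org": ["198.51.100.20"],
    "nomx.example.net": ["192.0.2.5"],
}
PTR_RECORDS = {
    "198.51.100.10": "mail.example.org",
    "203.0.113.77": "host77.pool.example.net",  # PTR exists, no matching A record
}
MX_RECORDS = {"example.org": ["mail.example.org"]}


class StaticResolver:
    """Hypothetical resolver interface; replace with real DNS queries in practice."""

    def a(self, name):
        return set(A_RECORDS.get(name.lower().rstrip("."), ()))

    def ptr(self, ip):
        return PTR_RECORDS.get(ip)

    def mx(self, domain):
        return list(MX_RECORDS.get(domain.lower().rstrip("."), ()))


def reverse_lookup_check(resolver, client_ip):
    """PTR must exist and its name must resolve back to the connecting IP."""
    name = resolver.ptr(client_ip)
    if name is None:
        return False, "no PTR record"
    if client_ip not in resolver.a(name):
        return False, "PTR name does not resolve back to client"
    return True, name


def helo_lookup_check(resolver, client_ip, helo_name):
    """Forward-resolve the HELO name and compare with the connecting IP."""
    addresses = resolver.a(helo_name)
    if not addresses:
        return False, "HELO name does not resolve"
    if client_ip not in addresses:
        return False, "HELO name resolves to a different address"
    return True, "HELO name matches client"


def sender_domain_check(resolver, mail_from, require_mx=False):
    """Check the MAIL FROM domain; require_mx selects the stricter MX variation."""
    address = mail_from.strip().strip("<>")
    if address == "":
        # Bounce messages use the empty sender "<>"; there is no domain to test.
        return True, "null sender (bounce), nothing to look up"
    domain = address.rpartition("@")[2].lower()
    if resolver.mx(domain):
        return True, "MX record found"
    if not require_mx and resolver.a(domain):
        return True, "address record found, no MX"
    return False, "no usable DNS records for sender domain"


def evaluate(resolver, client_ip, helo_name, mail_from, require_mx=False):
    """Run all three checks and report each result instead of a single verdict."""
    return {
        "reverse": reverse_lookup_check(resolver, client_ip),
        "helo": helo_lookup_check(resolver, client_ip, helo_name),
        "sender": sender_domain_check(resolver, mail_from, require_mx),
    }
```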

    Solutions

    The solution depends on which method is used to block spam.

    1. Reverse DNS lookup

    Get a domain name

    To get a domain name for your dynamic IP address you can use the no-ip.com DNS

    service which enables you to host a server using a dynamically assigned IP address.

    When you send messages, if any ISP performs a reverse DNS lookup of your IP address, it will always get a valid domain name and accept messages sent from your computer.

    The basic service is free, but the names are sub domains of names already registered by

    No-IP like: "servequake.com" or "myvnc.com". For more information, visit this web

    page:

    http://www.no-ip.com/services/page/free/dynamic/dns

    No-IP Plus enables you to use your own, separately registered domain name. The price

    for one year is $24.95:

    http://www.no-ip.com/services.php/page/plus

    Use backup SMTP servers

    The Professional Edition of PostCast Server has a feature that allows you to specify one

    or more backup SMTP servers. If only certain domains are unable to receive messages

    from PostCast Server, you can use this option to forward those messages to your ISP's

    SMTP server. Open the Settings/Undelivered/Gateways window to configure this feature.

    For more information, see SMTP Gateways.

    Use socks proxy servers

    This feature enables you to relay e-mail through other servers. When the message is sent using a third-party socks proxy, your IP address does not appear as the source of the message. The best solution is to connect to your ISP's socks proxy directly if it is provided by the ISP. Their server's (non-dynamic) IP address will be the source of your outgoing messages. For more information, see Firewall and Proxy Support.

    2. Sender's address lookup

    Make sure that the e-mail address in the From field of your messages is always valid.

    3. HELO lookup

    AOL, Hotmail, Yahoo, and some other ISPs perform a HELO lookup when receiving messages. If the lookup is not successful, they simply refuse to deliver the message to the recipient without sending any error message. There are three possible ways to solve this problem.


    1. You can select the "Resolved Internet IP" option in the HELO handshaking settings in

    the Settings/Advanced screen. The program will perform a DNS query to find out which

    address points to your IP. This option sometimes does not return the correct values if

    you are behind a router. If that is the case, you can use the http://network-tools.com/

    service to check your IP address and look for "Host name" which should then be copied

    into the "Use this Identification" box in HELO handshaking settings.

    2. Try to change the server identity in the HELO handshaking settings in the

    Settings/Advanced screen to the "mail.domain.com" format. For example, if your ISP

    provides e-mail address such as [email protected], set the HELO handshaking

    identification to mail.domain.com. Try also with only 'domain.com' format.

    3. If you have a domain name that points to your computer's IP address, then enter that

    domain name in the HELO handshaking settings in PostCast Server. You can use the

    no-ip.com service to host a domain name on your computer.


    1997-2013 Oricode, Inc. All rights reserved. | Privacy Statement

    DNS Lookups http://www.postcastserver.com/help/DNS_Lookups.aspx

    3 of 3 16/03/13 23:44


    Internet Black and White Lists


    Two of the least effective and most damaging methods for fighting spam are white lists and

    black lists. In many cases, these lists harm innocent people and prevent critical business

    e-mail from being delivered. One of the drawbacks is that if you block an entire domain, you

    may be blocking as much as 90 percent of wanted e-mail while blocking only 10 percent of

    unwanted spam.

    If you are sending e-mail from an e-mail server on your computer and your IP address is on

    one of the lists, that can affect you in two ways:

    - Your messages cannot be delivered if a recipient's e-mail server checks IP addresses of incoming connections against black and white lists.

    - If your messages are successfully delivered to recipients, they can run anti-spam software that uses black lists to categorize your messages as spam. Your e-mail can end up in a folder for spam or be deleted and will probably never be read.

    Black lists

    A spam black list is a list of IP addresses and domains of known spam e-mail servers. Black lists are used to block all e-mail that comes from certain servers on the Internet that have been identified as being used to send spam.

    A well-known black list is hosted by SpamCop, located at www.spamcop.net. Another one is

    Open Relay Database, located at www.ordb.org. Many anti-spam products also maintain their

    own black lists and include optional subscriptions to third-party black list services.

    White lists

    White lists are the opposite of blacklists. They list trusted e-mail addresses and domains that

    are always allowed to send e-mail, no matter what the content is. White lists are used to

    require that senders authenticate their identity prior to e-mail being delivered to the recipient.

    White lists will definitely allow e-mail coming from a trusted site to come through, but do not

    provide a solution for blocking spam. White lists require constant maintenance to be very

    effective. If not properly maintained, the risk of losing e-mail from legitimate sources is high.

    Dial-up Lists (DUL)

    Some ISPs block access to their servers if the incoming connections originate from dynamic IP

    addresses. Their goal is to force users that are running e-mail servers on their dial-up

    connections to send all outgoing e-mail through their ISP's e-mail server. If you send

    messages from PostCast Server using a dial-up connection, you will probably experience this

    problem with AOL.

    Internet Black and White Lists http://www.postcastserver.com/help/Internet_Black_and_Whi...

    1 of 3 16/03/13 23:45


    A well-known DUL list is MAPS Dial-up User List:

    http://mail-abuse.org/dul/

    Detection

    PostCast Server has a feature that allows you to check if your computer's IP address is

    blacklisted. The program uses a DNSbl service that lets you check whether a particular IP

    address is being blocked by any of more than 100 anti-spam services: http://www.dnsbl.info/

    Open the Setup Wizard from the Tools menu and press the "Blacklisted IP" button in the

    Network Diagnostics step:

    You can also see the status of the IP address you are using if you visit this location:

    http://dnsbl.info/lookup.asp?IP=[IPADDRESS]

    Replace [IPADDRESS] with your Internet IP address. You can get the correct value by pressing CTRL+I in PostCast Server or by visiting the http://www.myip.com/ web site.

    Solutions

    If you are using a dial-up connection, usually a few anti-spam services have your IP in their

    lists. If you discover that a significant number of black lists have your IP address, you have

    these options:

    Establish a new connection

    Establish a new dial-up connection to your ISP. That usually results in assigning a different

    Internet IP address to your computer. Run the test again to see if the new address is also

    blacklisted.

    Use a different ISP

    You can use a different ISP to connect to the Internet. Each ISP has its own range of IP

    addresses they assign to dial-up users. There is a good chance that the IP addresses of a

    different ISP are not blacklisted. Here are some web sites that can help you find thousands of

    ISPs:

    http://www.findanisp.com/

    http://www.thelist.com/

    http://www.isps.com/


    Ask your ISP for a static IP address outside of the dial-up space

    Ask the list maintainers to exclude your host

    Use socks proxy servers

    You can send e-mail using the socks proxy access to a computer on the Internet. This feature

    enables you to relay e-mail through other servers. When the message is sent using a

    third-party socks proxy, your IP address does not appear as the source of the message.

    The best solution is to connect to your ISP's socks proxy directly if it is provided by the ISP.

    Their server's (non-dynamic) IP address will be the source of your outgoing messages. For

    more information, see Firewall and Proxy Support.

    Use backup SMTP servers

    The professional edition of PostCast Server has a feature that allows you to specify one or

    more backup SMTP servers. If only certain domains are unable to receive messages from

    PostCast Server, you can use this option to forward those messages to your ISP's SMTP

    server. Open the Settings/Undelivered/Gateways window to configure this feature. For more

    information, see SMTP Gateways.
