Many administrators misunderstand the concept of SMTP relay. Some over-cautious administrators block SMTP relay
completely, while others leave it open for any Internet user to misuse their servers. Both extremes cause problems.
It is therefore important to understand exactly what SMTP relay is and how to configure your SMTP server
so that it does not leave you vulnerable to outside attacks yet still allows legitimate users to send and receive email.
This article should clear up some of the confusion on this topic and show how to effectively turn off an open relay.
What is SMTP?
Before we dive into SMTP relay, it is important to know how the SMTP protocol works. SMTP is an acronym
for Simple Mail Transfer Protocol. Most Internet service providers nowadays use this protocol
to send email. Email clients, also known as Mail User Agents (MUAs), utilize this protocol and act
as SMTP clients to deliver email messages to their recipients. When an MUA sends an email message,
it connects to the configured SMTP server and communicates with it using the SMTP protocol.
Internet mail works pretty much like our postal mail. When you wish to send a letter or a package via snail
mail, you put the letter inside an envelope, write the recipient's address as well as your return address,
and drop it off at your local post office. The local post office figures out the final destination of
the package and sends it to the appropriate post office in the recipient's town. One important factor to
notice here is that if both sender and recipient are in the same town, no other post office gets involved.
Electronic mail works pretty much the same way. SMTP servers act as local post offices. When a user
wishes to send an email, he or she sends it to the SMTP server, which then forwards it to the
recipient's SMTP server. Rather than street addresses and apartment numbers, electronic mail recipients
are identified by unique email addresses. Every SMTP server is configured to handle one or more
domain names. Analogous to snail mail, if both sender and recipient are in the same domain, no other
SMTP server gets involved.
The following characteristics are common to snail mail and electronic mail.

| Snail Mail | Electronic Mail |
| --- | --- |
| Every mail package is wrapped within an envelope that contains: the sender's name and address; the recipient's name and address; the post office's stamp; the date and time the package was received by the post office. | Every electronic mail message is wrapped within an envelope as well, which contains: the sender's name and email address; the list of recipients and their email addresses; the SMTP server's signature (there can be more than one SMTP server involved); the date and time the email was received. Electronic mail can have more elements than those mentioned here. |
| There is no guarantee that the sender's name and address will always be correct. It is very easy to fake the sender's identity. | Similarly, it is very easy to hide the sender's true identity in an electronic mail message. |
| If the sender and receiver are in the same town, your local post office will not send the package to any other post office. | If the sender and receiver are handled by the same SMTP server, no other server will get involved. |
| Although the sender's identity cannot be trusted, you can still find out a few things about the package by looking at the envelope, such as the town the letter was mailed from and the time. | Similarly, the SMTP envelope (also known as the header) contains information such as the sender's IP address and the date/time stamp when the mail was sent. |
| Every post office is assigned a postal code or zip code, which is used to identify its location. One post office may handle multiple zip codes. | These postal/zip codes are known as domain names in SMTP speak. Every SMTP server is configured to handle one or more domains. The domain name is the text that appears after the @ sign in an email address. |
What is mail relay?
In the case of snail mail, the local post office is a government agency and there are no
restrictions on who can send a package. Consider a scenario where you live in town A and you
want to send a package to town B. When one town's post office accepts packages from another
town, it is said to "relay" your message.
Similarly, if you work for company A and want to send an email to someone in company B, you connect to your
SMTP server, which then relays your message to the SMTP server owned by company B. An SMTP server
accepting an email that is destined for a different SMTP server is what we call relaying.
It would be impossible to send email if every SMTP server in the world stopped relaying.
User authentication
The electronic world is a bit different from the real world: you can do things faster and cheaper, and distances
do not matter. Imagine that every time you wanted to send a snail mail you were asked to show your passport or some
other document that proved your identity. This would add some extra security at a cost of frustration and time.
However, the frustration associated with asking for a user's id and password in an electronic transaction
is much lower than the burden of having to carry your passport.
Most SMTP servers ask for the user's credentials in the form of a user id and password. If these credentials
are valid, the SMTP server will allow the user to relay their message to a different server. This authentication
mechanism ensures that no one outside the organization can use the company's SMTP server to send messages to a third-party
recipient.
What is an open relay?
Your server is said to be an open relay if it accepts messages on behalf of other domains and does
NOT require user authentication. With an open relay, a person sitting in Singapore can send an
email to California through your server, which could be in London.
Open relay servers are frequently misused by spammers sending unsolicited email. Once a malicious user
finds an open relay server on the Internet, he or she can send millions of messages all over the
world, potentially bringing your network to its knees.
Several organizations have set up databases of IP addresses that list and track open
relay servers. If you run an open relay server you risk having your
IP address listed in one of these databases, and as a result many SMTP servers may refuse email from you.
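The relay decision described in the last three sections (relaying, user authentication, and what makes a relay open) can be made concrete with a small simulated SMTP server. The Python block below is an added example and is not code from this article or from any particular mail server product. Everything in it is constructed: the local domain example.com, the trusted network 192.0.2.0/24, the single user in the credential table, and the client addresses; AUTH PLAIN is the only mechanism it understands. It walks through the dialogue an unknown Internet host gets: mail addressed to the local domain is accepted (that is inbound delivery, not relay), while mail for any other domain is refused with a 554 reply unless the client has authenticated or comes from the trusted network. A server that returned 250 in that last branch for everyone would be an open relay.

```python
"""Simulated SMTP server dialogue with a relay policy (added example;
all domains, networks, users and client addresses are constructed)."""
import base64
import ipaddress
from typing import Dict, List, Tuple

# Domains this server is the final destination for (constructed value).
LOCAL_DOMAINS = {"example.com"}
# Hosts on this network may relay without authenticating (constructed).
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
# Users allowed to authenticate (constructed; a real server stores a hash).
USERS: Dict[str, str] = {"alice": "correct horse battery"}


def domain_of(address: str) -> str:
    """Lower-cased domain part of 'user@domain'; angle brackets are allowed."""
    address = address.strip("<>")
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower()


class SmtpServer:
    """Server state for one connection; answers one command at a time."""

    def __init__(self, client_ip: str):
        self.client_ip = ipaddress.ip_address(client_ip)
        self.authenticated = False
        self.sender = None

    def trusted(self) -> bool:
        return any(self.client_ip in net for net in TRUSTED_NETWORKS)

    def handle(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            return "250-mail.example.com\r\n250 AUTH PLAIN"
        if verb == "AUTH":
            return self._auth(arg)
        if verb == "MAIL":                       # MAIL FROM:<address>
            self.sender = arg.partition(":")[2]
            return "250 2.1.0 Ok"
        if verb == "RCPT":                       # RCPT TO:<address>
            return self._rcpt(arg.partition(":")[2])
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 5.5.2 Command not implemented"

    def _auth(self, arg: str) -> str:
        # AUTH PLAIN carries base64("\0user\0password") in one line.
        mech, _, blob = arg.partition(" ")
        if mech.upper() != "PLAIN" or not blob:
            return "504 5.5.4 Unrecognized authentication type"
        try:
            _, user, password = base64.b64decode(blob).decode().split("\0")
        except (ValueError, UnicodeDecodeError):
            return "501 5.5.2 Cannot decode response"
        if USERS.get(user) == password:
            self.authenticated = True
            return "235 2.7.0 Authentication successful"
        return "535 5.7.8 Authentication credentials invalid"

    def _rcpt(self, recipient: str) -> str:
        """The relay decision. Local delivery is always fine; relay to any
        other domain needs authentication or a trusted source address."""
        if domain_of(recipient) in LOCAL_DOMAINS:
            return "250 2.1.5 Ok"
        if self.authenticated or self.trusted():
            return "250 2.1.5 Ok"
        return "554 5.7.1 Relay access denied"


def run_dialogue(client_ip: str, commands: List[str]) -> List[Tuple[str, str]]:
    """Feed commands to a fresh server and return (command, reply) pairs."""
    server = SmtpServer(client_ip)
    return [(cmd, server.handle(cmd)) for cmd in commands]


def auth_plain(user: str, password: str) -> str:
    """Build the client's AUTH PLAIN line for the given credentials."""
    blob = base64.b64encode(f"\0{user}\0{password}".encode()).decode()
    return "AUTH PLAIN " + blob


if __name__ == "__main__":
    # An unknown Internet host trying to use us as a relay (constructed IPs).
    for cmd, reply in run_dialogue("203.0.113.5", [
        "EHLO client.invalid",
        "MAIL FROM:<someone@remote.example>",
        "RCPT TO:<user@example.com>",      # inbound to our domain: accepted
        "RCPT TO:<victim@other.example>",  # relay without auth: refused
        "QUIT",
    ]):
        print("C:", cmd)
        print("S:", reply)
```

Running the block prints the unauthenticated dialogue; the same `run_dialogue` call with `auth_plain("alice", "correct horse battery")` inserted after EHLO, or with a client address inside 192.0.2.0/24, gets 250 for the external recipient instead. The policy lives entirely in `_rcpt`, which is the point: a relay is "open" or "closed" by that one check, not by whether the server supports AUTH at all.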
How to check for an open relay
The easiest way to test for an open relay is to use the network tools
available on ITA Secure Messaging's web site.
Alternatively, you can send an email with the server under test configured as your SMTP server and without
a user id/password. This can be done from any mail user agent, such as MS Outlook, Netscape
Messenger or Eudora. In the configuration, specify the SMTP server that you want to test and remove
any user id/password that you may have entered. Try sending email to several different domains; if the
email is accepted, your server might be an open relay.