[CLUE-Tech] open mail relay checker

Charles Oriez coriez at oriez.org
Fri Sep 17 08:15:46 MDT 2004


At 07:38 AM 9/17/2004, David Anselmi wrote:
>Charles Oriez wrote:
>>At 10:37 PM 9/16/2004, you wrote:
>>
>>>Simple test to see if your mailserver is an open relay.
>
>I wonder how accurate these are.
>
>>>http://www.checkor.com/
>
>Not so simple, won't check my domain.  Seems to be due to having only 2 
>parts in the server name.
>
>
>>John Levine offers a similar service at http://www.abuse.net/relay.html
>>not sure which one is more thorough. John's is definitely faster.
>
>Both are reasonably nice.  John's seems to do more checks but my server 
>told it to get lost after 11 (too many nonmail commands).  Oh well.

I looked at my sendmail log report this morning.  They show up in different 
places:

Relaying denied:
     From [211.171.134.71] to china9988 at 21cn.com: 1 Times(s)
     From www.abuse.net [208.31.42.77] to "securitytest%abuse.net": 1 Times(s)
     From www.abuse.net [208.31.42.77] to "securitytest at abuse.net": 1 Times(s)
     From www.abuse.net [208.31.42.77] to "securitytest at abuse.net"@sierraclub.org: 1 Times(s)
     From www.abuse.net [208.31.42.77] to @[207.174.21.172]:securitytest at abuse.net: 1 Times(s)
     From www.abuse.net [208.31.42.77] to @sierraclub.org:securitytest at abuse.net: 1 Times(s)
     From www.abuse.net [208.31.42.77] to abuse.net!securitytest: 1 Times(s)
     From www.abuse.net [208.31.42.77] to abuse.net!securitytest@[207.174.21.172]: 1 Times(s)
     From www.abuse.net [208.31.42.77] to abuse.net!securitytest at sierraclub.org: 1 Times(s)
     From www.abuse.net [208.31.42.77] to securitytest%abuse.net@[207.174.21.172]: 1 Times(s)
     From www.abuse.net [208.31.42.77] to securitytest%abuse.net at sierraclub.org: 1 Times(s)
     From www.abuse.net [208.31.42.77] to securitytest at abuse.net: 4 Times(s)


**Unmatched Entries**
    STARTTLS=client, relay=mx1.emailsrvr.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256: 6 Time(s)
    STARTTLS=client, relay=mail.korrnet.org., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256: 3 Time(s)
    ruleset=check_rcpt, arg1=test1 at checkor.com, relay=www.no-ip.com [63.215.241.203], reject=550 5.7.1 test1 at checkor.com... Relaying denied: 3 Time(s)
    <securitytest at abuse.net@sierraclub.org>... Invalid route address: 1 Time(s)
    ruleset=check_rcpt, arg1="test1 at test.com"@grassroots.sierraclub.org, relay=www.no-ip.com [63.215.241.203], reject=550 5.7.1 "test1 at test.com"@grassroots.sierraclub.org... Relaying denied: 1 Time(s)
    ruleset=check_rcpt, arg1=@grassroots.sierraclub.org:spamtest at checkor.com, relay=www.no-ip.com [63.215.241.203], reject=550 5.7.1 @grassroots.sierraclub.org:spamtest at checkor.com... Relaying denied: 1 Time(s)
    <securitytest at abuse.net@[207.174.21.172]>... Invalid route address: 1 Time(s)
    test1 at grassroots.sierraclub.org... User unknown: 1 Time(s)
    mail.cnxlol.com.mail9.psmtp.com.: SMTP DATA-2 protocol error: 571 Message Refused: 1 Time(s)
    DSN: Remote protocol error: 1 Time(s)


Although the checkor report that the tester sees suggests that it performs 
fewer tests than John's does, it looks from the logs on my server like they 
are about the same.

Best bet I guess is to run both and reduce the chance that something was 
overlooked by one of them.


--

Charles Oriez     coriez at oriez.org    39° 34' 34.4"N / 105° 00' 06.3"W
"Drag God into politics, and you'll ruin his reputation in no time." -- 
Molly Ivins
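
Added example, not part of the original message: a small Python script that reads "Relaying denied" summary lines in the layout quoted above, labels each rejected recipient by the address syntax it uses (percent hack, bang path, source route, quoted local part, IP-literal domain), and flags sources that tried several of these forms, which is what distinguishes a relay-test sweep from a single stray attempt. The sample lines, hosts and IPs are constructed placeholders, the label names and the `min_forms` threshold are assumptions, and the regex expects real `@` signs rather than the archive's " at " obfuscation.

```python
import re
from collections import defaultdict

# Constructed sample in the "Relaying denied" summary layout quoted above.
# Hosts and IPs are placeholders (example domains, RFC 5737 ranges).
SAMPLE = """\
From tester.example.net [192.0.2.10] to "probe%example.net": 1 Time(s)
From tester.example.net [192.0.2.10] to "probe@example.net"@mx.example.org: 1 Time(s)
From tester.example.net [192.0.2.10] to @mx.example.org:probe@example.net: 1 Time(s)
From tester.example.net [192.0.2.10] to example.net!probe: 1 Time(s)
From tester.example.net [192.0.2.10] to example.net!probe@[198.51.100.7]: 1 Time(s)
From tester.example.net [192.0.2.10] to probe%example.net@mx.example.org: 1 Time(s)
From tester.example.net [192.0.2.10] to probe@example.net: 4 Time(s)
From [203.0.113.5] to someone@example.com: 1 Time(s)
"""

LINE = re.compile(r"^\s*From (?:(\S+) )?\[([0-9.]+)\] to (.+): (\d+) Times?\(s\)$")

def classify(rcpt):
    """Label the address-syntax variants present in one rejected recipient."""
    checks = [
        ("source-route", rcpt.startswith("@") and ":" in rcpt),
        ("bang-path", "!" in rcpt),
        ("percent-hack", "%" in rcpt),
        ("quoted-local-part", rcpt.startswith('"')),
        ("ip-literal-domain", "@[" in rcpt),
    ]
    return [name for name, hit in checks if hit] or ["plain"]

def summarize(text):
    """Map source IP -> {label: total rejected attempts}."""
    out = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            _host, ip, rcpt, count = m.groups()
            for label in classify(rcpt):
                out[ip][label] += int(count)
    return {ip: dict(forms) for ip, forms in out.items()}

def sweep_sources(summary, min_forms=3):
    """Sources that tried several non-plain forms, i.e. a relay-test sweep."""
    return sorted(ip for ip, forms in summary.items()
                  if len(set(forms) - {"plain"}) >= min_forms)

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report)
    print("sweep sources:", sweep_sources(report))
```
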











