2 Replies Latest reply: Jul 15, 2013 3:18 AM by Reading1995
Reading1995 Level 1 Level 1 (0 points)

Hi All,

 

I am currently moving from Exchange 2010 to OS X Lion Mail server.  I have a Mac Mini server running OS X Lion server.  This is my first Mac server so please bare with me.  I have enabled the Mail server using pretty much the defualt settings.  I can send and received emails on intranet (local LAN) and externally (internet) so far so good.  The only thing that I am a bit confused about is the relay options.  I have done a lot of researching on this and even found this information from Apple support site:

 

https://help.apple.com/advancedserveradmin/mac/10.8/#apdB3F8B86B-1839-4692-85FD- 007FC7222B78

 

I have currently nothing enabled (selected) under the Relay tab. In the Advanced tab, Hosting I have only "Include server's domain as local host alias" enbaled (selected) and "localhost" under "Local Host Alias".  Finally, in the Advanced tab, Security, Authentication I have enabled "Kerberos" and "CRAM-MD5" for "SMTP" and for "IMAP" / "POP".

 

When I use an Internet open relay testing tool I get different results.  As an example, mailradar fails every test and shows at the end that relays accepted by remote host:

 

>>> MAIL FROM: <antispam@mailradar.com>

<<< 250 dmz.zuzanet.co.uk

>>> RCPT TO: <relaytest@mailradar.com>

<<< 250 2.1.0 Ok

>>> QUIT

<<< 554 5.7.1 <relaytest@mailradar.com>: Relay access denied

<<< 221 2.0.0 Bye

[TEST NOT PASSED]

All tested completed! Relays accepted by remote host.

 

On the other hand, MXtoolbox shows OK - Not an open relay:

 

MAIL FROM: <supertool@mxtoolbox.com>

250 2.1.0 Ok [764 ms]

RCPT TO: <test@example.com>

554 5.7.1 <test@example.com>: Relay access denied [728 ms]

QUIT

 

However, if I telnet to the Mail server FDQN on port 25 in the local LAN and run the same test above, both result as "Relay access denied":

 

mail from: antispam@mailradar.com

250 2.1.0 Ok

rcpt to: relaytest@mailradar.com

554 5.7.1 <relaytest@mailradar.com>: Relay access denied

 

mail from: supertool@mxtoolbox.com

250 2.1.0 Ok

rcpt to: test@example.com

554 5.7.1 <test@example.com>: Relay access denied

 

Based on the information above my questions are:

 

1-Is open relay allowed by default on OS X Lion mail server?

2-Is it expected to see different results from internet open relay test tools available on the Internet that the relay is accepted?

3-Is there any further configuration/testing that can be done to make 100% sure that the Mail server is definitely not an open relay?

 

Thanks in advance,

Reading1995.



Mac mini Server (Mid 2011), Mac OS X (10.7.5)
  • Camelot Level 8 Level 8 (46,300 points)

    1-Is open relay allowed by default on OS X Lion mail server?

     

    No.

     

    2-Is it expected to see different results from internet open relay test tools available on the Internet that the relay is accepted?

     

    I wouldn't expect that. However, the fact that the first example clearly reports a 'relay access denied' message makes me wonder why the first test fails...

     

    3-Is there any further configuration/testing that can be done to make 100% sure that the Mail server is definitely not an open relay?

     

    I'd raise the issue with Mailradar since their test appears to be failing. There are also other relay checkers you can try. Alternatively, post your server details and have other people in the community check.

  • Reading1995 Level 1 Level 1 (0 points)

    Hi Camelot,

     

    Thank you very much for the quick reply and for the information provided. Most appreciated!  Apologies for the delay to respond.  I have emailed Mailradar the results of the open relay test but I am still waiting on their response.  I have tried another open relay test tool, myDNSTools.info, but it returned the same results as the Mailradar. It looks to me as if it could be a timing issue, for example the Mailradar shows that the response for the MAIL FROM: command (250 2.1.0 Ok) arrived after the RCPT TO: commnad was sent.  Therefore the open relay test assumes that relay is allowed even though the the mail server response is:

     

    554 5.7.1 <relaytest@mailradar.com>: Relay access denied

     

    If this is the case, I am not sure if the timing issues is something that I can control here at my end.  I was wondering if this could be caused by the spam filtering rules available in OS X Lion mail server?

     

    Thanks again,

    Reading1995