of 12
7/27/2019 Open Relay Exchange
1/12
Home Buy Download Details Support
Blocking Open Relays
Table of Contents
An increasing number of spammers are exploiting open e-mail relays to send spam and
disguise the true source of their messages. Open relays are e-mail servers that are configured
to accept and transfer e-mail on behalf of any user anywhere, including unrelated third
parties. If your computer acts as an open relay, it allows any e-mail sender anywhere to send
messages.
How spammers detect open relays
Spammers use automated software to scan the Internet trying to find open relays. If they find
out that your server is open, they will probably send spam through it. The software they are
using scans a range of Internet IP addresses by trying to establish a network connection on
port 25. If the connection succeeds, an IP address is listed and used for sending.
There are at least two advantages for the spammers:
This technique lets spammers hide their identities because it appears that the spam
actually comes from you. This makes extremely hard to track them down.
It is virtually impossible to get caught by their ISP. All ISPs deny sending spam from
their networks. If the spammers cannot be tracked down, they cannot be reported to
their ISP which would broke down their account anyway, because of violating the
Acceptable User Policy.
Recipients of the spam sent from your computer could flood your server with complaints. The
spam and resulting e-mail traffic could overwhelm your system. If you are maintaining an
open relay, you are leaving your door open to the theft of your computer services.
How ISPs reject messages from open relays
When you send messages from an SMTP server running on your computer, some ISPs perform
a relay check. They identify your computer's IP address and try to establish a connection toport number 25 which is the port used to send e-mail. If the server on your computer accepts
the connection - your message is rejected.
Detection
PostCast Server has a feature that allows you to check if your computer runs as an open relay.
Open the Setup Wizard from the Tools menu and press the "Open Relay" button in the
Network Diagnostics step:
Blocking Open Relays http://www.postcastserver.com/help/Blocking_Open_Relays.aspx
1 of 4 16/03/13 23:38
7/27/2019 Open Relay Exchange
2/12
Solutions
Accept only connections from local computer or LAN
When you enter your Internet IP address in the Host Name text box in the Settings screen,
everyone can connect to the server from the Internet. You can run the server using the
Internet IP address, but you need to either change the port number or allow access only to
certain IP addresses.
If you do not need to accept connections from the Internet, select the LAN IP address or
127.0.0.1 in the Host Name drop down list in the Settings screen:
Change the port number
Change the number of the port from 25 to some random number (1-65535). Instruct the
users to change the settings in their e-mail programs. This will trick the IP scanner software
because your port 25 will be closed and your computer will not respond to their queries. Make
sure that no other SMTP server software is running on your system, including "Simple Mail
Transport Protocol (SMTP)" service if you are running Windows NT, 2000, XP, or 2003:
Blocking Open Relays http://www.postcastserver.com/help/Blocking_Open_Relays.aspx
2 of 4 16/03/13 23:38
7/27/2019 Open Relay Exchange
3/12
Restrict access to a list of IP addresses
The basic way to implement e-mail relay protection is to configure your e-mail server to allow
only certain TCP/IP addresses and address ranges to relay through your server. With this
technique, your e-mail server will reject any relay attempt from TCP/IP addresses outside ofyour network.
If, for example, computers on your network have IP addresses that begin with 192.168.0, go
to Tools>Settings>Security and enter that as a value in the "Allow access ONLY for users with
these IP addresses" list:
Anti-Spam Methods:
Overview
Port 25 Blocking
Internet Black and White Lists
Blocking Open Relays
DNS Lookups
Blocking Open Relays http://www.postcastserver.com/help/Blocking_Open_Relays.aspx
3 of 4 16/03/13 23:38
7/27/2019 Open Relay Exchange
4/12
Home Buy Download Details Support
Port 25 Blocking
Table of Contents
Many ISPs are blocking what is called "Port 25" which is the port used to send e-mail. They are
doing this to cut down on the amount of spam that is sent from their networks.
All e-mail sent via the Internet is routed through the port 25, the channel used for
communication between an e-mail client and an e-mail server. Even though port 25 blocking
will probably become an industry standard, however, the filter can create problems for e-mail
servers and block legitimate e-mail as well as spam.
Port 25 blocking allows ISPs to block spam sent out through their networks, but it tends to
punish the innocent that have a need to send through e-mail servers other than those
belonging to their ISP. The ISPs that block port 25 require their SMTP server to be used
instead of the remote SMTP server or a SMTP server running on your computer.
How the port 25 is used
All e-mail sent via the Internet is routed through port 25. When an e-mail server that runs on
your computer delivers messages, it always uses port 25 to transmit data to remote e-mail
servers. Therefore, if your ISP is blocking the port, your messages will not get through. There
are two different ways the port 25 is being used by PostCast Server:
Incoming Connections
PostCast Server uses port 25 to accept incoming connections from e-mail clients. You can
freely change that value in both server and client program and everything will continue to
work because all TCP/IP connections are directed to your computer. Unless you block
connections to your computer, the program will accept messages using any port number you
specify (1-65535).
Outgoing Connections
PostCast Server also uses the port 25 for sending. It connects to remote servers and delivers
the messages from the Outbox folder. Exactly the same rules apply except that every remote
server expects the connection ONLY on port #25. This is the standard port number and while
you can change the port number in the program to allow clients to send the messages
internally, the remote servers always use port 25. If your ISP blocks remote connections to
port 25, you cannot send any messages. PostCast Server will not be able to connect to the
remote servers.
ISPs that block Port 25
This list contains some of the major ISPs that block port 25 on their servers:
AT&T
(can be MindSpring
Port 25 Blocking http://www.postcastserver.com/help/Port_25_Blocking.aspx
1 of 4 16/03/13 23:39
7/27/2019 Open Relay Exchange
5/12
unblocked
at the
request)
BellSouth MSN
CableOne NetZero
Charter People PC
Comcast
ATTBISprynet
Cox Sympatico.ca
EarthLink Verio
Flashnet Verizon
MediaOne
Related News Stories
Anti-spam tool brings MSN under fire: http://www.zdnet.com/zdnn/stories
/news/0,4586,5080821,00.html
Hotmail spam filters block outgoing e-mail: http://news.com.com
/2009-1023-251171.html?legacy=cnet
MSN filter sparks subscriber ire: http://news.com.com
/2100-1023-255459.html?legacy=cnet&tag=bplst
Detection
You can detect whether your ISP blocks port 25 using the Setup Wizard in PostCast Server. In
the Network Diagnostics step, press the "Port 25 blocking" button to run the test:
You can also see if the port is blocked by running a telnet command:
Press Start/Run and enter:
telnet://[emailserver]:25
Replace [emailserver] with the address of any external e-mail server. For example:
mx1.hotmail.com
mail.telenet.net.au
Do not use your ISP's e-mail server address. If the port is not blocked, you should receive a
Port 25 Blocking http://www.postcastserver.com/help/Port_25_Blocking.aspx
2 of 4 16/03/13 23:39
7/27/2019 Open Relay Exchange
6/12
response starting with the '220 ' string.
Solutions
To bypass the port 25 blocking you have these options:
Use a different ISP
You can use a different ISP to connect to the Internet. Smaller local ISPs usually do not block
Port 25. Here are some web sites that can help you find thousands of ISPs:
http://www.findanisp.com/
http://www.thelist.com/
http://www.isps.com/
Use socks proxy servers
You can send e-mail using the socks proxy access to a computer on the Internet. This feature
enables you to relay e-mail through other servers. When the message is sent using a
third-party socks proxy, your IP address does not appear as the source of the message.
The best solution is to connect to your ISP's socks proxy directly if it is provided by the ISP.
Some ISPs offer access to their socks proxy server. See if your ISP provides socks proxy
access in the support section on their web site. If they do, you can use their socks proxy
server address to configure the program to send messages. Their server's (non-dynamic) IP
address will be the source of your outgoing messages instead of your dynamic IP address
assigned to your computer at the moment your Internet connection is established.
Use backup SMTP servers
You can specify one or more backup SMTP servers and instruct the program to forward all
messages to them. This is not a complete solution because the program will still be unable to
send messages from your computer. For more information, see SMTP Gateways.
If you do not need to send messages
If you only want to receive messages sent to the server you can use the "Mail Reflector"
service offered by no-ip.com. This service enables them to be the primary e-mail exchanger
for your domain. When e-mail destined for your domain arrives at their servers, they forward
it on to your inbound e-mail server, which can be on a different (and unblocked) port of your
choosing. Price is $39.95 per Year. See this web page for more information: http://www.no-
ip.com/services/mail/reflector
Anti-Spam Methods:
Overview
Port 25 Blocking
Internet Black and White Lists
Blocking Open Relays
Port 25 Blocking http://www.postcastserver.com/help/Port_25_Blocking.aspx
3 of 4 16/03/13 23:39
7/27/2019 Open Relay Exchange
7/12
Home Buy Download Details Support
DNS Lookups
Table of Contents
This method tries to eliminate spam sent by e-mail servers connected through Internet dial-up
connections, as well as most ADSL and cable connections. IP addresses of those connections
are usually not registered to any DNS as a qualified host meaning that they do not have their
own static IP and a registered host name like mail.domain.com.
A DNS lookup uses an Internet domain name to find an IP address, where a reverse DNS
lookup is using an Internet IP address to find a domain name. Reverse DNS lookup technique
is able to identify if the sending e-mail server is legitimate and has a valid host name.
Many spammers use misconfigured hosts to disguise the source of the spam. A DNS query
that does not recover a matching host name and IP address is a good indication that the
message is spam.
DNS lookup is not always a good solution. Many legitimate e-mail servers are incorrectly
configured, or have intentionally not registered a name with DNS, so a reverse query does not
return a matching host name. Also, this anti-spam method runs DNS queries on a large
number or e-mails and consumes valuable network resources. A number of problems,
including network delays and improperly configured networks or servers, can prevent
legitimate messages from getting through the filter. In January 2003, AT&T WorldNet started
using reverse DNS and was forced to remove the filter just 24 hours after it was deployed,after subscribers reported that messages were going undelivered.
Ways to do DNS lookups
Reverse DNS lookup
This method is time-consuming and it is rarely used. The receiving server performs a reverse
DNS lookup on the IP address of the incoming connection and checks if there is a valid domain
name associated to it.
HELO lookup
The receiving server will get the host name of the sending e-mail server from the SMTP HELO
command, perform a simple DNS query (forward DNS lookup) and verify that the IP address is
indeed the IP address of the incoming connection. If the resulting IP address does not match
the incoming connection IP address (sender's IP address), e-mail is rejected.
Sender's address lookup
When ISPs check whether an incoming e-mail is accepted, they can do a DNS check on the
sender's e-mail address. For example, if your address is , then the ISP does an nslookup on
domain.com. If no records are found - the message is rejected.
A variation of this method is checking if there is an MX DNS record of the domain.com. MX
DNS Lookups http://www.postcastserver.com/help/DNS_Lookups.aspx
1 of 3 16/03/13 23:44
7/27/2019 Open Relay Exchange
8/12
record returns an address like mx1.domain.com used to connect to the server that accepts
messages for domain.com. Even if the domain in the sender's e-mail address is valid, but
there is no e-mail server for domain.com - the message is not accepted.
Solutions
The solution depends on which method is used to block spam.
1. Reverse DNS lookup
Get a domain name
To get a domain name for your dynamic IP address you can use the no-ip.com DNS
service which enables you to host a server using a dynamically assigned IP address.
When you send messages, if any of ISPs perform a reverse DNS lookup of your IP
address, they will always get a valid domain name and accept messages sent from your
computer.
The basic service is free, but the names are sub domains of names already registered by
No-IP like: "servequake.com" or "myvnc.com". For more information, visit this web
page:
http://www.no-ip.com/services/page/free/dynamic/dns
No-IP Plus enables you to use your own, separately registered domain name. The price
for one year is $24.95:
http://www.no-ip.com/services.php/page/plus
Use backup SMTP servers
The Professional Edition of PostCast Server has a feature that allows you to specify one
or more backup SMTP servers. If only certain domains are unable to receive messages
from PostCast Server, you can use this option to forward those messages to your ISP's
SMTP server. Open the Settings/Undelivered/Gateways window to configure this feature.
For more information, see SMTP Gateways.
Use socks proxy servers
This feature enables you to relay e-mail through other servers. When the message is
sent using a third-party socks proxy, your IP address does not appear as the source of
the message. The best solution is to connect to your ISP's socks proxy directly if it is
provided by the ISP. Their server's (non-dynamic) IP address will be the source of youroutgoing messages. For more infromation, see Firewall and Proxy Support.
2. Sender's address lookup
Make sure that e-mail address in the From field of your messages is always valid.
3. HELO lookup
AOL, Hotmail, Yahoo, and some other ISPs perform a HELO lookup when receiving
messages. If the lookup is not successful, they simply reject to deliver the message to
the recipient without sending any error message. There are three possible ways to solve
this problem.
DNS Lookups http://www.postcastserver.com/help/DNS_Lookups.aspx
2 of 3 16/03/13 23:44
7/27/2019 Open Relay Exchange
9/12
1. You can select the "Resolved Internet IP" option in the HELO handshaking settings in
the Settings/Advanced screen. The program will perform a DNS query to find out which
address points to your IP. This option sometimes does not return the correct values if
you are behind a router. If that is the case, you can use the http://network-tools.com/
service to check your IP address and look for "Host name" which should then be copied
into the "Use this Identification" box in HELO handshaking settings.
2. Try to change the server identity in the HELO handshaking settings in the
Settings/Advanced screen to the "mail.domain.com" format. For example, if your ISP
provides e-mail address such as [email protected], set the HELO handshaking
identification to mail.domain.com. Try also with only 'domain.com' format.
3. If you have a domain name that points to your computer's IP address, then enter that
domain name in the HELO handshaking settings in PostCast Server. You can use the
no-ip.com service to host a domain name on your computer.
Anti-Spam Methods:
Overview
Port 25 Blocking
Internet Black and White Lists
Blocking Open Relays
DNS Lookups
Home | Buy | Download | Details | Support
1997-2013 Oricode, Inc. All rights reserved. | Privacy Statement
DNS Lookups http://www.postcastserver.com/help/DNS_Lookups.aspx
3 of 3 16/03/13 23:44
7/27/2019 Open Relay Exchange
10/12
Home Buy Download Details Support
Internet Black and White Lists
Table of Contents
Two of the least effective and most damaging methods for fighting spam are white lists and
black lists. In many cases, these lists harm innocent people and prevent critical business
e-mail from being delivered. One of the drawbacks is that if you block an entire domain, you
may be blocking as much as 90 percent of wanted e-mail while blocking only 10 percent of
unwanted spam.
If you are sending e-mail from an e-mail server on your computer and your IP address is on
one of the lists, that can affect you in two ways:
Your messages cannot be delivered if a recipient's e-mail server checks IP addresses of
incoming connections against black and white lists.
If your messages are successfully delivered to recipients, they can run an anti-spam
software that uses black lists to categorize your messages as spam. Your e-mail can end
up in a folder for spam or be deleted and will probably never be read.
Black lists
A spam black list is a list of IP addresses and domains of known spam e-mail servers. Black
lists are used to block all e-mail that comes from certain servers on the Internet that havebeen identified as being used to send spam.
A well-known black list is hosted by SpamCop, located at www.spamcop.net. Another one is
Open Relay Database, located at www.ordb.org. Many anti-spam products also maintain their
own black lists and include optional subscriptions to third-party black list services.
White lists
White lists are the opposite of blacklists. They list trusted e-mail addresses and domains that
are always allowed to send e-mail, no matter what the content is. White lists are used to
require that senders authenticate their identity prior to e-mail being delivered to the recipient.
White lists will definitely allow e-mail coming from a trusted site to come through, but do not
provide a solution for blocking spam. White lists require constant maintenance to be very
effective. If not properly maintained, the risk of losing e-mail from legitimate sources is high.
Dial-up Lists (DUL)
Some ISPs block access to their servers if the incoming connections originate from dynamic IP
addresses. Their goal is to force users that are running e-mail servers on their dial-up
connections to send all outgoing e-mail through their ISP's e-mail server. If you send
messages from PostCast Server using a dial-up connection, you will probably experience this
problem with AOL.
Internet Black and White Lists http://www.postcastserver.com/help/Internet_Black_and_Whi...
1 of 3 16/03/13 23:45
7/27/2019 Open Relay Exchange
11/12
A well-known DUL list is MAPS Dial-up User List:
http://mail-abuse.org/dul/
Detection
PostCast Server has a feature that allows you to check if your computer's IP address is
blacklisted. The program uses a DNSbl service that lets you check whether a particular IP
address is being blocked by any of more than 100 anti-spam services: http://www.dnsbl.info/
Open the Setup Wizard from the Tools menu and press the "Blacklisted IP" button in the
Network Diagnostics step:
You can also see the status of the IP address you are using if you visit this location:
http://dnsbl.info/lookup.asp?IP=[IPADDRESS]
Replace [IPADDRESS] with your Internet IP address. You can get the correct value by pressing
CTRL+I in PostCast Server or by visiting http://www.myip.com/ web site.
Solutions
If you are using a dial-up connection, usually a few anti-spam services have your IP in their
lists. If you discover that a significant number of black lists have your IP address, you have
these options:
Establish a new connection
Establish a new dial-up connection to your ISP. That usually results in assigning a different
Internet IP address to your computer. Run the test again to see if the new address is also
blacklisted.
Use a different ISP
You can use a different ISP to connect to the Internet. Each ISP has its own range of IP
addresses they assign to dial-up users. There is a good chance that the IP addresses of a
different ISP are not blacklisted. Here are some web sites that can help you find thousands of
ISPs:
http://www.findanisp.com/
http://www.thelist.com/
http://www.isps.com/
Internet Black and White Lists http://www.postcastserver.com/help/Internet_Black_and_Whi...
2 of 3 16/03/13 23:45
7/27/2019 Open Relay Exchange
12/12
Ask your ISP for a static IP address outside of the dial-up space
Ask the list maintainers to exclude your host
Use socks proxy servers
You can send e-mail using the socks proxy access to a computer on the Internet. This feature
enables you to relay e-mail through other servers. When the message is sent using a
third-party socks proxy, your IP address does not appear as the source of the message.
The best solution is to connect to your ISP's socks proxy directly if it is provided by the ISP.
Their server's (non-dynamic) IP address will be the source of your outgoing messages. For
more information, see Firewall and Proxy Support.
Use backup SMTP servers
The professional edition of PostCast Server has a feature that allows you to specify one or
more backup SMTP servers. If only certain domains are unable to receive messages from
PostCast Server, you can use this option to forward those messages to your ISP's SMTP
server. Open the Settings/Undelivered/Gateways window to configure this feature. For more
information, see SMTP Gateways.
Anti-Spam Methods:
Overview
Port 25 Blocking
Internet Black and White Lists
Blocking Open Relays
DNS Lookups
Home | Buy | Download | Details | Support
1997-2013 Oricode, Inc. All rights reserved. | Privacy Statement
Internet Black and White Lists http://www.postcastserver.com/help/Internet_Black_and_Whi...
3 of 3 16/03/13 23:45