Open Mail Relays

Contents:

• Cornell University policy
• CIT procedures for responding to open mail relay complaints
• References: how to close an open mail relay
• References: how to configure specific mailers
• References: blacklists

Cornell University policy

The following is an excerpt from the Cornell University policies relevant to open mail relays:

The policies that govern the usage of computer and network resources outline certain standards of behavior. They also clearly state that the university reserves the right to place limited restrictions on activities that violate policies or codes. A complaint concerning the activity of an open mail relay is evidence of configuration that results in a violation of the policies governing the use of these resources. This interpretation is based on the fact the propagation of spam frequently consumes considerable network resources, adds to the end user's burden in managing and responding effectively to legitimate e-mail, and, in the case of a "blacklisted" server, may seriously impede the ability of an organization to engage in legitimate communications with other institutions. The time and effort required to resolve a blacklist situation can impose a substantial burden on the university's support resources.

CIT procedures for responding to open mail relay complaints

1. Complaints regarding open mail relays (OMR) are classified as security issues and should be reported to the Network Operations Center (NOC) at noc@cornell.edu.

2. If a new complaint is received, the NOC will attempt to contact the system administrator by phone or e-mail to notify him or her that a complaint has been received and that the NOC will perform tests to confirm or deny the existence of an open relay.

3. After the tests have been performed, the System Administrator and the complainant will be notified of the results.

4. The system administrator will be informed that a block of outgoing/off-campus mail from the offending OMR could be implemented at the discretion and request of Security staff at any time after verifying the existence of the open relay.

5. At the discretion of Security staff, a block will be implemented within forty-eight hours of OMR verification and administrator notification if the problem has not been repaired.

6. The block will remain in place until the Security staff can verify that the server has been repaired.

References: how to close an open mail relay

These links lead to sites with useful information regarding the remediation of open mail relays as well as discussions of current third-party relay issues.

• The MAPS Transport Security Initiative (http://www.mail-abuse.com/an_sec3rdparty.html) has instructions for securing servers running a variety of mail server software.

References: how to configure specific mailers

• Sendmail.org (www.sendmail.org) is the reference for information and answers related to sendmail. There you'll find the latest software releases (with anti-relaying settings included by default), FAQs, tips and a wealth of mail information.

• Netscape Messaging Server (NMS) has filters (in version 3.5 and above) and a plug-in (in version 4.15) to block unauthorized relaying, but these can be tricky to configure. Below are links to some configuration instructions.
  • Preventing relaying in Netscape Messaging Server
  • Using the Anti-Relay Plug-In

• FormMail (www.worldwidemart.com/scripts/formmail.shtml) has a version 1.9 that prevents unwanted anonymous spamming through your implementation of FormMail and also prevents unwanted access to environment variables.

References: blacklists

These links lead to sites that maintain databases of mail servers that have been "blacklisted" because of open relay issues. If your server has been blacklisted and you have corrected the problem, you can contact these sites to request that your server be retested and removed from their lists.

• Real-time Spam Black Lists (RBL)
• Distributed Sender Boycott List (formerly ORBZ)

First published January 15, 2001