Those "open relay" tests are wrong.

You've come to this page because you've asked a question similar to the following:
I ran a "test for open relays" tester against my SMTP Relay server and it reported that my system may be an open relay or is doing "Bad Things™". But I've checked and double-checked the configuration of my mail server and this simply shouldn't be so. What am I doing wrong? Is my mail server broken? How do I fix it?

This is the Frequently Given Answer to that question. (You can find similar answers on FAQTS and on the Mitel Networks SME Server developers' web site.)

This answer applies to many open relay testers, including the MAPS/abuse.net tester and the "remmie" relay test. It applies to several MTS software packages, including qmail and The Internet Utilities for OS/2.

You are doing nothing wrong. No, your mail server is not broken. There is nothing to be fixed. It is the way that the relay test detects whether or not an SMTP server is open to relay that is broken.

The tester assumes that an SMTP server is an open relay if the test mail is accepted. But in fact an SMTP Relay server is an open relay only if the test mails are delivered to the final target. Logically, an MTS is only an open relay if mail can actually be relayed through it.

The tester also assumes various things about mail addressing that are not universally true. Specifically, it assumes that various "addressing hacks", such as the "percent hack", "bang paths", and "hidden @s", are universally implemented. But they are not.

To put it simply: The relay testers are deficient, inasmuch as they fail to take into account that there might exist MTAs that strictly conform to the Internet standards and don't support all of these various historical (and largely useless) addressing bodges; and that on such systems the act of accepting a message that is addressed to a mailbox with such a bodge in it is not necessarily the same as being an open relay.

To be frank, in the case of the "remmie" relay test the poor quality of the test result page should have tipped you off to the quality of the tester as a whole. The output from the test isn't even converted to correct HTML. ('<' and '>' in mailbox names are not converted into "&lt;" and "&gt;" as they should be, resulting in a results page full of invalid HTML that web browsers will simply not display as intended.) The inability of the tester's author to get something basic like that right should lead you to suspect that he/she might not have got the actual tests right, either.


© Copyright 2001-2004 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp is preserved.