Linux SMTP relay – How we protect your mail servers from being open relays
Protecting mail servers from being used as Linux SMTP open relays, is a major security task we perform as a part of our Dedicated Tech Support services for web hosting providers.
An open mail relay is an SMTP server that allows any host to send mails through it. If it is open relay, users can send mails through that Linux SMTP relay server without authenticating.
Today we’ll see how we resolve SMTP relay errors in our customers’ mail servers.
Linux SMTP relay – Why should you protect your mail server from open relay?
While some customers allow no open relays or relaying mails only from trusted hosts, majority of the mail servers we configure are secured to prevent all such open relays.
A mail server that acts as an SMTP relay can get easily spammed by attackers and end up being blacklisted in spam databases. This can lead to delay or failure in email delivery from this mail server.
No destination server would accept mails from a spamming server that is blacklisted. To protect our customers’ servers from getting blacklisted, we prevent any open relay through these servers.
We’ve seen cases where a third party application rule set messed up the server settings and made it vulnerable, causing it to function as an open relay. With our timely intervention, we’ve been able to detect and fix such issues promptly.
[ Use your time to build your business. We’ll take care of your customers. Hire Our Hosting Support Specialists at $9.99/hr. ]
What causes ‘Relay access denied’ error?
A secure mail server blocks connection attempts from all unauthorized email user accounts and allow only authenticated users to send mail through it.
If any host tries to relay mails through the mail server without authenticating, it would be rejected by the secure mail server with the error message ‘Relay access denied’.
However, this error can also happen in cases where valid email users try to send mails. If the mail server is unable to confirm whether the domain owner is authorized to send emails through it, the mail would be rejected.
In cPanel Exim email servers, a valid sender means the user who authenticates to the mail server using the mail account username and password, before trying to send mails.
Valid users face ‘Relay access denied’ error while trying to send mails, due to many reasons. Some of the reasons we’ve seen are:
- User not authenticated properly – user name or password wrong.
- Wrong mail server given in the mail client configuration.
- SMTP port blocked or wrong port configured.
- Incorrect MX record settings or DNS resolution issues.
- Email routing issues or other errors in the mail server.
- Any custom 3rd party webmail or spam filter settings.
- Recipient mail account corruption.
- Changes of authenticated IP on users’ mobile devices.
- When an external sender fails your server’s spam check.
- Improper configuration of mail server, such as relaying and recipient settings.
[ Running a hosting business doesn’t have to be hard, or costly. Get world class Hosting Support Specialists at $9.99/hour (bulk discounts available) ]