TZO Helpdesk

[ Register ] [ Submit Request ] [ Track Request ]
[ TZO Knowledge Base ] [ TZO Control Panel ]

HELP DESK: KNOWLEDGE BASE

View Entry


Subject	Open Relay Monitoring by Outbound Mail Relay (OMR) service
Author	Scott Prive


Open Relay Monitoring by Outbound Mail Relay (OMR) service This article describes Open Relay monitoring conducted by TZO. What is an Open Relay, and why would you monitor for it? For an introduction to this topic, please see the Open mail relay entry at Wikipedia.org. Servers which are open relays create work for other email users and email administrators, as someone needs to clean up the spam which was permitted relay. Additionally, work is wasted tracking down the source. Those on the receiving end of spam may complain to all parties connected to your online presence (not limited solely to the email service provider of the affected server). All email administrators are responsible for email which passes through their servers, and this fact includes both the administrator of an open relay, and also TZO itself for providing email services. If a open relay is found, the administrator of the domain tested is notified. TZO will provide example evidence in the form of logfiles and received/verification email. At this point the domain owner must take immediate steps to secure their server or remove the server's exposure to the Internet. Technical Support of the email software manufacturer may be required. Any mailserver which can only open as an open relay is obsolete. For domains which use TZO OMR service and also use SAF/SVF service, it may make sense to 'hide' the vulnerable/relay server from the Internet. For example, if SAF/SVF is the MX record for the domain AND if the domain owner firewalls their mailserver so the ONLY network that can reach that server is TZO. In this configuration, email can be sent and received from the server in question, but everything passes through TZO and the vulnerable server itself is not directly reachable from the Internet. This approach makes the most sense when server software upgrades are just too painful; in this configuration the server can continue operation but in a 'workgroup' sense, and TZO will act as the email doorway to the Internet. Questions Please email questions or concerns to TZO Support.

Copyright 1998-2008, Tzolkin Corporation. All rights reserved.