Redhat – Sendmail Open Relay

Posted: May 25, 2010 in Redhat

The access database (normally in /etc/mail/access) allows a mail administrator to administratively allow access to the mail server by individual domains. Each database entry consists of a domain name or network number as the key and an action as the value.

Keys can be a fully or partly qualified host or domain name such as,, or The last two forms match any host or subdomain under the specified domain. (If FEATURE(relay_hosts_only) is set, only the first form works.) Keys can also be a network address or subnetwork, e.g.,, 205.199.2, or 205.199. The latter two forms match any host in the indicated subnetwork. Lastly, keys can be user@host.domain to reject mail from a specific user.

Values can be REJECT to refuse connections from this host, DISCARD to accept the message but silently discard it (the sender will think it has been accepted), OK to allow access (overriding other built-in checks), RELAY to allow access including relaying SMTP through your machine, or an arbitrary message to reject the mail with the customized message.

For example, a database might contain: REJECT RELAY 550 Spammers shan't see sunlight here

to reject all mail from any host in the domain, allow any relaying to or from any host in the domain, and reject mail from with a specific message.

Note that the access database is a map and just as with all maps, the database must be generated using makemap. For example:

makemap hash /etc/mail/access < /etc/mail/access

Manually Check for Open-Relay :

telnet 25

Server responds with: 220 SMTP

Server responds with: 250 OK

Server responds with: 250 Address Ok.

Server responds with: 250 OK

Server Responds (or may not): 354 Enter Mail
Enter message, then on a new line,


The message should now be sent. By modifying the MAIL FROM and RCPT TO lines, you can test for open relay.

Open Relay Test from Web Site :


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s