SmtpRC - an open relay checker
Frequently Asked Questions
(1) What is SmtpRC anyway?
SmtpRC is a program that can be used to scan entire networks for open
mail relays. It is multithreaded so it runs very fast and it is fully
configurable so it can be adjusted to suit any need. With more and more
broadband customers connecting to the internet every day, a great deal of
them are unknowingly running mail servers that are open to abuse from
spammers. SmtpRC was written to enable systems administrators to easily
detect those customers and take the appropriate action.
(2) What is an open relay?
When we refer to an open relay we mean a mail server that allows third
parties to send mail to other third parties. For example, the domain
mydomain.com will accept mail for users @mydomain.com from Internet
users all over the world; it also allows users on the machine to send
mail to Internet users all over the world. However, it does not allow a
user from, say, AOL.COM to send mail to a user at, say, JUNO.COM. Doing
that (which is a popular technique used by spammers) is called a
"third-party relay," because the spammer is attempting to relay the mail
through mydomain.com.
(3) Why would you want to help spammers find more open relays?
SmtpRC is not intended as a tool for spammers. It is intended for
systems administrators so they can check networks under their control.
As broadband becomes more popular with *DSL and leased lines, more and
more small networks have permanent connections to the internet. A lot
of these small networks also have wrongly configured mail servers that
will relay third party mail. SmtpRC aims to address this problem by
allowing ISPs to scan their broadband customers on a regular basis and
to shut down any that are acting as open relays before they are
detected by spammers!
(4) Why should I bother scanning for open relays?
If you don't aggressively close down open relays in your network then
spammers will find and abuse these servers. Spam puts an unneeded
strain on your network and mail servers and is a pain to the millions
of people that find it in their inbox every day. You will also be
likely to find your network on open relay blacklists such as ORBS.
(5) What do I need to get SmtpRC scanning my network?
Once you have downloaded SmtpRC you will need to configure the machine
that will be performing the scans. It is recommended that you add a new
user account to the machine for the purpose of scanning. You will also
need some sort of MTA running on this machine as it will need to be
able to receive any relayed messages.
(6) What is a blind or anonymous open relay?
This means that the open relay replaces the mail header with its own,
removing details of who the message was sent from. This enables
spammers to send truly anonymous spam.
(7) When I run SmtpRC it eats all of my memory, why is this?
At the moment SmtpRC is quite memory intensive. This is because all of
the info gained while scanning is stored in memory until it has
finished scanning. This is OK when scanning reasonably small networks,
e.g. 192.168.*.*, but scanning a network much larger than this would
need more than 128 MB of memory. If memory is a problem it is
recommended that you scan your network in sections, outputting the
results to different HTML files.
(8) What number of threads works best with SmtpRC?
This is completely dependent on OS and architecture. On a single CPU
FreeBSD machine SmtpRC will happily scan with 600 threads, although on
the same machine running Linux it seems to fail with anything more than
250. If a machine has two CPUs the number of threads that can be used
should double. Please send me your findings about running SmtpRC on
different architectures so that it can be added to this FAQ.
(9) I've found a bug in your program, what should I do?
Please send all bug reports to diceman@dircon.co.uk.
Please send as much info as possible with the report e.g.: command line
options used, copies of the config files and if possible a back trace
from gdb.
(10) Where can I find information about securing my MTA?
http://www.mail-abuse.org/tsi/ar-fix.html
Here you should be able to find all of the information you need to
secure your mail servers against third party relaying.
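The relay rule from question 2, written as the decision a secured MTA makes for each recipient; this is an added example, not part of SmtpRC or of the linked document. The local domain list, trusted networks and sample envelopes are constructed assumptions, and the refusal of routed recipient addresses goes beyond the case the FAQ describes.

```python
import ipaddress

# Assumed site policy: constructed values, not SmtpRC or MTA defaults.
LOCAL_DOMAINS = {"mydomain.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16")]


def split_address(addr):
    """Split an envelope address into (local_part, lower-cased domain)."""
    local, sep, domain = addr.strip().strip("<>").rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not a user@domain address")
    return local, domain.lower().rstrip(".")


def relay_decision(client_ip, mail_from, rcpt_to):
    """Return (smtp_code, reason) for one RCPT TO."""
    # mail_from is deliberately ignored: the client supplies it, so a
    # forged local sender must not unlock relaying.
    try:
        local, domain = split_address(rcpt_to)
    except ValueError:
        return 501, "malformed recipient"
    # Conservative: a local part carrying routing characters asks this
    # host to forward the message elsewhere, so refuse it outright.
    if any(c in local for c in "%!@"):
        return 550, "routed recipient refused"
    if domain in LOCAL_DOMAINS:
        return 250, "local delivery"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return 250, "relay for trusted client"
    return 550, "relaying denied"


# Constructed envelopes: (client IP, MAIL FROM, RCPT TO).
SAMPLES = [
    ("203.0.113.7", "someone@aol.com", "alice@mydomain.com"),
    ("192.168.4.20", "alice@mydomain.com", "bob@juno.com"),
    ("203.0.113.7", "someone@aol.com", "bob@juno.com"),
    ("203.0.113.7", "forged@mydomain.com", "bob@juno.com"),
    ("203.0.113.7", "someone@aol.com", "bob%juno.com@mydomain.com"),
]


def audit(samples):
    """Return the SMTP code chosen for each sample envelope."""
    return [relay_decision(*s)[0] for s in samples]
```

Only the first two envelopes are accepted: mail for a local user, and outbound mail from a client inside the trusted networks.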
(11) What should I do if I find an open relay in my network?
First of all you should try to contact the customer and inform them that
their mail server is open to third party relaying. Tell them that it
needs to be secured immediately and forward on the relevant
documentation about securing MTAs. If the problem is not fixed within
24 hours ask them to take the machine offline until it no longer relays
third party email.
(12) Where can I discuss/get help/comment about SmtpRC?
The developer of SmtpRC can be reached at diceman@dircon.co.uk. Please
feel free to comment/request help/request features/report bugs. If I
have the time I will try to sort out anyone's issues.