ME020034 - INF: How does MailEnable determine who can relay?


SUMMARY

How MailEnable determines local send and relay rights. MailEnable enumerates recipient (RCPT) requests in three logical rule blocks; Sender, Local Recipient and Relay Recipient Enumerations. MailEnable processes these rule blocks sequentially. These rule blocks and their processing are outlined under their respective headings.

DETAIL

Use the debug log in order to debug relay rights. The responses returned when enumerating rights are recorded with an appropriate description.

Use this description to determine if or how a relay request was handled by the server.

SENDER BLACKLISTING

Firstly, MailEnable processes rules that determine whether the sender of the message is banned from sending locally or relaying.

1. MailEnable checks the Sender's address and determines whether they are blacklisted and therefore banned from sending locally or relaying.

Debug Log Contains: Recipient Denied: %s is a blacklisted domain.

LOCAL RECIPIENT ENUMERATION

Secondly, MailEnable enumerates the recipient address and determines if the user is locally serviced.

1. If the Recipient address is the postmaster, access is granted.

Debug Log Contains: Local Delivery: Address (%s) is local
2. If the Recipient address is defined in the AddressMap as a literal address, access is granted.

Debug Log Contains: Local Delivery: Address (%s) is local
3. If the Recipient address is defined in the AddressMap as a catch all address, access is granted.

Debug Log Contains: Address (%s) is to be delivered to Catch-All address.
4. If "Force Inbound Resolution" is set and the Recipient address is to a locally serviced domain, access is denied.

Debug Log Contains: Local Delivery: Domain for (%s) is locally serviced, but recipient is not defined in address map.
5. If "Force Inbound Resolution" is not set and the Recipient address is to a locally serviced domain, access is granted.

Debug Log Contains: Local Delivery: Domain for (%s) is locally serviced.

RELAY ACCESS ENUMERATION

Finally, MailEnable determines whether the recipient requires mail relay (i.e. the message is destined for addresses that are not locally serviced by this host). It does this using the following logic:

1. MailEnable determines whether Overriding Relay Access is enabled or disabled and grants or denies accordingly.

Debug Log Contains: Relay Denied: Server is configured not to allow relaying. (if relaying is disabled).
2. MailEnable determines whether "Allow Relay For Local Sender Addresses" right has been set. This checks whether the Sender address is defined in the address map table.

Debug Log Contains: Relay Granted: %s is in local address map.
3. MailEnable determines whether "Allow Relay For Privileged IP Ranges" right has been set.

Debug Log Contains: Relay Granted: Sender IP (%s) is within an authorized IP range.
4. MailEnable determines whether "Allow Relay For Authenticated Senders" right has been set.

Debug Log Contains: Relay Granted: Sender has authenticated.
5. MailEnable determines whether "Allow Relay For Anybody" right is set.

Debug Log Contains: Relay Granted: Server is configured to allow anyone to relay.
6. All rules for relaying have now been processed and no relay criteria could be met. So the server denies.

Debug Log Contains: Relay Denied: Failed to meet all relay criteria.

MORE INFORMATION

What is mail relaying?: Article ME020262

What are the best relay settings to use?: Article ME020001

How to test if the server is secured from abuse (Open Relay Test): Article ME020168

How does a server get blacklisted and how to get removed from blacklists?: Article ME020166

How to tell if the server been spammed through open relay?: Article ME020339



Product:MailEnable (All Versions)
Category:Operation
Module:SMTP
Keywords:Relay local sender recipient relaying rights local sending relays relayed SMTP
Class:INF: Product Information
Created:8/07/2002 1:53:00 PM
Revised:Wednesday, May 4, 2016
Author:
Publisher:MailEnable