Everyone can send mail from the server without authorization.
How to stop it?
If you find that your server is acting as an open relay, please check the following:
Log into Plesk
- Go to Tools & Settings > Mail Server Settings and check the relaying setting in the server-wide mail preferences:
It should be set as authorization is required.
On the same page check the white list and make sure that there are no unwanted IPs/networks.
By default, the list should contain only
This record means that authorization is required for all IPs except
That allows mail to be sent via Webmail.
To check if the server is really acting as an open relay, connect to the server via SSH or RDP try to connect to it from another server and send a message to an external email address:
# telnet <YOUR_SERVER_IP> 25
Connected to <YOUR_SERVER_IP>.
Escape character is '^]'.
220 hostname ESMTP Postfix
mail from: [email protected]
250 2.1.0 Ok
rcpt to: [email protected]
554 5.7.1 <[email protected]>: Relay access denied
If you see an output similar to the one shown above, your server is not an open relay. Otherwise, if you see a reply like
, then the server, indeed, is acting as an open relay.
250 2.1.5 Ok
Note: When sending messages to an email address hosted on the same server authorization is usually not required, and such behavior is not considered as an open relay. The same applies to send messages locally from the server.