After setting up Postfix on my home server to properly send status reports to myself, I noticed something strange in the log files. Every day, at about midnight, I would see the following:

Jun 24 00:01:00 REDACTED postfix/smtpd[5644]: connect from relaycheck.ISP.nl[REDACTED_IP]
Jun 24 00:01:00 REDACTED postfix/smtpd[5646]: connect from relaycheck.ISP.nl[REDACTED_IP]
Jun 24 00:01:00 REDACTED postfix/smtpd[5646]: NOQUEUE: reject: RCPT from relaycheck.ISP.nl[REDACTED_IP]: 454 4.7.1 <REDACTED>: Relay access denied; from=<noreply@ISP.nl>
Jun 24 00:01:00 REDACTED postfix/smtpd[5644]: lost connection after CONNECT from relaycheck.ISP.nl[REDACTED_IP]
Jun 24 00:01:00 REDACTED postfix/smtpd[5646]: lost connection after DATA from relaycheck.REDACTED.nl[REDACTED_IP]
Jun 24 00:01:00 REDACTED postfix/smtpd[5644]: disconnect from relaycheck.ISP.nl[REDACTED_IP] commands=0/0
Jun 24 00:01:00 REDACTED postfix/smtpd[5646]: disconnect from relaycheck.ISP.nl[REDACTED_IP] helo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4

Apparently, they check for all their customers whether they are running an open relay. Which, by the way, is great. Open relays (mail servers that accept any mail, and forward it to their destination) used to be a good idea when not every downstream mailserver was online every second of the day. Nowadays, that is not a concern and open relays are mostly used to forward spam.
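As an added example (not part of the original post and not the ISP's script), the following Python sketch groups Postfix smtpd log lines like the ones above by process ID and reports the sessions in which a relay attempt was rejected. The sample log is constructed, with placeholder hostnames, addresses and a documentation-range IP standing in for the redacted values.

```python
import re

# Constructed sample modelled on the excerpt above; names and IP are placeholders.
SAMPLE_LOG = """\
Jun 24 00:01:00 home postfix/smtpd[5644]: connect from relaycheck.isp.example[192.0.2.10]
Jun 24 00:01:00 home postfix/smtpd[5646]: connect from relaycheck.isp.example[192.0.2.10]
Jun 24 00:01:00 home postfix/smtpd[5646]: NOQUEUE: reject: RCPT from relaycheck.isp.example[192.0.2.10]: 454 4.7.1 <probe@isp.example>: Relay access denied; from=<noreply@isp.example>
Jun 24 00:01:00 home postfix/smtpd[5644]: lost connection after CONNECT from relaycheck.isp.example[192.0.2.10]
Jun 24 00:01:00 home postfix/smtpd[5646]: lost connection after DATA from relaycheck.isp.example[192.0.2.10]
Jun 24 00:01:00 home postfix/smtpd[5644]: disconnect from relaycheck.isp.example[192.0.2.10] commands=0/0
Jun 24 00:01:00 home postfix/smtpd[5646]: disconnect from relaycheck.isp.example[192.0.2.10] helo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4
"""

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CLIENT = re.compile(r"from (?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]")
REJECT = re.compile(r"reject: RCPT from \S+: (?P<code>\d{3}) \S+ <(?P<rcpt>[^>]*)>: "
                    r"Relay access denied; from=<(?P<sender>[^>]*)>")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def relay_probe_sessions(log_text):
    """Return one dict per finished smtpd session that had a relay attempt rejected."""
    open_sessions, finished = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            c = CLIENT.search(msg)
            # An smtpd process serves connections one after another, so key on PID
            # only between "connect" and "disconnect".
            open_sessions[pid] = {"host": c["host"], "ip": c["ip"],
                                  "rejects": [], "counters": {}}
            continue
        sess = open_sessions.get(pid)
        if sess is None:
            continue  # log excerpt started in the middle of a session
        r = REJECT.search(msg)
        if r:
            sess["rejects"].append((r["code"], r["rcpt"], r["sender"]))
        elif msg.startswith("disconnect from "):
            # Counters read accepted/total; a bare number means all were accepted.
            for name, ok, total in COUNTER.findall(msg):
                sess["counters"][name] = (int(ok), int(total or ok))
            finished.append(open_sessions.pop(pid))
    return [s for s in finished if s["rejects"]]


if __name__ == "__main__":
    for s in relay_probe_sessions(SAMPLE_LOG):
        print(s["host"], s["ip"], s["rejects"], s["counters"])
```

A session whose `rcpt` counter shows an accepted recipient for a domain the server does not host would be the sign of an open relay; here it reads 0 of 1 accepted.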

I could not find anything about this practice within a few Google searches, so I contacted the author of the script (who was the intended recipient of the relay checking email) about it. To my surprise, he responded! Original message in Dutch, translated to English by me.

Dear Mr. Peters,

We are glad that you appreciate our service and it’s true, we do catch a lot of poorly configured mail servers this way. We deployed this measure a few years ago (I am the author of the script) and ever since we have had very few problems with open relays.

Back then it was an emergency measure which was built by the maintenance staff and it would be nice to write something about it. I will discuss this with the product manager.

Kind regards,

Paul REDACTED.

Well, I haven’t heard from Paul since, so I took the liberty to write something myself. All names linking back to the ISP have been redacted just in case they don’t want it written up.

I really do appreciate the fact that they check instead of just blindly blocking port 25, which unfortunately is all too common.