Rapid7 Vulnerability & Exploit Database

SMTP unauthenticated 3rd-party mail relay

Back to Search

SMTP unauthenticated 3rd-party mail relay

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
01/01/1999
Created
07/25/2018
Added
11/01/2004
Modified
03/21/2018

Description

An "open" SMTP relay is an SMTP server which allows mail to be sent by an offsite user to an offsite user. Other names for this are "open relay", "open mail server", "third party relay", "promiscuous mail relay" and so on. This vulnerability is exploited by spammers (bulk mailers) or anyone who wants to send an untraceable email message.

It is common for spammers to abuse open SMTP relays, sending thousands of untraceable messages through the server. This can seriously impact the performance of the server, possibly rendering the server inoperable.

Another consequence of the abuse of this vulnerability is that other organizations, in an attempt to stop the flow of spam, may throw away any mail originating from your server (including legitimate mail from your users).

Solution(s)

  • smtp-disable-relay

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;