04. November 2015 · Comments Off on Check Whether the Exchange Server is an Open SMTP Relay using a Telnet Test · Categories: Microsoft · Tags: , ,

Check Whether the Exchange Server is an Open SMTP Relay using a Telnet Test

A Telnet test involves establishing a Telnet session from a computer that is not located on the local network to the external (public) IP address of the Exchange server. You need to carry out the test from a machine at home, or from another office. Doing the test from a machine on your own network will produce useless results.

  1. Start a command prompt.
    Either click start, run and type CMD
    or Choose Command Prompt from Start, Programs, Accessories, Command Prompt
  2. Type “telnet” (minus quotes) and press enter.
  3. At the Telnet prompt, type

    set localecho

    (minus quotes) and press enter. This lets you see what is going on.

  4. Still in the telnet prompt, enter the following command and then press enter

    open external-ip 25

    where external-ip is your external IP address eg:

    open 111.222.333.444 25

  5. You should get a response back similar to the following:

    220 mail.server.domain Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at

  6. Type the following command in to the telnet windows:

    ehlo testdomain.com

    and press enter (note “testdomain.com” can be anything that isn’t a domain that the Exchange server is responsible for.

  7. After pressing OK you should get a response back

    250 OK

  8. Type the following command in to the telnet window:

    mail from:address@testdomain.com

    and press enter (again where address@testdomain is an email address that is not on the Exchange server. Note the lack of space between from and the first part of the address).

  9. After pressing OK you should get a response back:

    250 2.1.0 address@testdomain.com….Sender OK

  10. Type the following command in to the telnet window:

    rcpt to:address@anotherdomain.com

    and then press enter (where address@anotherdomain.com is not either an address you use internally or the address you entered earlier as the from. Once again note the lack of space between to and the first part of the e-mail address).

  11. After pressing enter you will get one of two responses.
    If you get

    550 5.7.1 Unable to relay for address@anotherdomain.com

    then you are relay secure.
    However if you get

    250 2.1.5 address@anotherdomain.com

    Then you are an open relay.