How can NAT make me an open relay?
I have set my relay configuration to the default "Disallow relay, all RCPT clauses must be local" but I am still being blacklisted as an open relay. My GMS installation is located behind a firewall that employs Network Address Translation. Could that be the problem?
If your firewall is translating the IP addresses of all incoming connections into a local IP address, then your mail server will almost certainly be an open relay. The translation means that the GMS server sees only connections from the translated address, which is local. By default, local IP addresses are allowed to relay. There are two solutions:
- Set up your firewall so that it does not translate incoming IP addresses into a local address. This is the preferred option as it allows the GMS server to see the real IP of the connecting server. This means that anti-spam checks such as reverse lookups can be successfully carried out. You will need to consult your firewall documentation to find out how this is done.
- Remove the IP address of your firewall from the Security>LocalIP page in the GMS interface. This would mean that GMS sees the NAT IP address as being external and therefore not allowed to relay email.
Note: By default, Gordano software is configured to prevent relay of email. The reason that your system was vulnerable to attack was the addition of the Network Address Translation feature of your firewall.
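The following added example (not Gordano code) models the relay decision described above to show why translating inbound source addresses opens the relay and how each of the two solutions closes it. The addresses, domains, function names and the simplified rule logic are assumptions made for illustration.

```python
import ipaddress

FIREWALL_IP = "192.168.1.1"      # constructed: firewall's inside address
EXTERNAL_IP = "203.0.113.25"     # constructed: external client (TEST-NET-3)
LOCAL_DOMAINS = {"example.com"}  # constructed: domain hosted on the server

def is_local(peer_ip, local_ips):
    """True if the peer address matches an entry in the local IP list."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in local_ips)

def relay_decision(peer_ip, rcpt_domain, local_ips):
    """Simplified model: RCPT must be local unless the peer is a local IP."""
    if rcpt_domain.lower() in LOCAL_DOMAINS:
        return "accept"   # delivery to a local mailbox, not a relay
    if is_local(peer_ip, local_ips):
        return "relay"    # local addresses are allowed to relay by default
    return "reject"

def peer_seen_by_server(client_ip, translate_inbound):
    """Source address the mail server sees for an inbound connection."""
    return FIREWALL_IP if translate_inbound else client_ip

def scenarios():
    """External client sending to an external recipient, three setups."""
    rcpt = "example.net"  # constructed: not a local domain
    return {
        # Problem case: source translated, firewall address listed as local.
        "nat_firewall_listed": relay_decision(
            peer_seen_by_server(EXTERNAL_IP, True), rcpt, [FIREWALL_IP]),
        # Solution 1: firewall no longer rewrites the source address.
        "no_translation": relay_decision(
            peer_seen_by_server(EXTERNAL_IP, False), rcpt, [FIREWALL_IP]),
        # Solution 2: firewall address removed from the local IP list.
        "nat_firewall_removed": relay_decision(
            peer_seen_by_server(EXTERNAL_IP, True), rcpt, []),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:22} -> {verdict}")
```

Only the first solution lets the server see `203.0.113.25` itself, which is what reverse lookups and other per-address anti-spam checks need.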