Page 1 of 1

RT_RELAY explanation?

Posted: 21 Mar 2014, 18:49
by fonewiz
I am looking for a more thorough explanation on this feature of CSF.

The way I understand it, this would block IP addresses of those sending X number of emails relayed through our server.

Since we do not allow relaying, at least the way I have always understood the term, this setting shouldn't matter.

The way I have always understood the term relay is the ability for anyone to send email through your server to email addresses and domains that are not hosted directly on that mail server.

Since I have my server setup to only accept email for email accounts and domains that are hosted on our server, then I wouldn't think our server should be considered a relay at all.

With that being said, I set the setting to 25 anyhow and then I noticed I got a few emails of IPs getting blocked for "RELAY" after 25 attempts, this surprised me since we don't allow relaying at all. 25 attempts should have never been reached in the first place.

As I studied the sample entries that CSF emailed to me, I noticed all the emails in question were in fact destined for email accounts and domains that are hosted on our server.

So, I am confused.. I set this to 100 for now but I am concerned about this setting basically because I don't entirely understand the way it's suppose to work.

As I understand the setting at the moment, CSF will consider and IP sending mail to email accounts or domains hosted on our server as an IP that's "RELAY"ing through us and hold the IP to whatever limit I have set. At the moment it's set to 100.

So, with the way I have things set now. If a large provider like Google sends over 100 emails per hour from a single Google IP, then that Google IP will be blocked and lots of mail will be rejected for my legit users.

I looked around for a more detailed explanation of this feature but was unable to find much so I am trying a post here.

LOVE this product and it's far and above Fail2ban which I previously tried. Great job on this product!

Re: RT_RELAY explanation?

Posted: 08 Jul 2015, 16:29
by shenzy
I have the same question.
In my case i have RT_RELAY_LIMIT = 250
And I receive "RELAY Alert for xxx.xxx.xxx.xxx" but the mails in the report (the first 10 emails) are mails for local accounts ?? .