How To Troubleshoot Your CleanMail Server Installation

So you just installed CleanMail, but the CleanMail service is not starting? Or everything seems to be working fine, but the simple relay check is complaining about open relays? Relax, you found the right document.

About Sockets, Ports and Listeners

An SMTP server is constantly ready to receive incoming connections from other mail transfer agents (MTAs, mail clients or other mail servers). In other words, it is listening on the SMTP port of your machine.

As a rule, only one program can be listening at the same time on any given port for any IP address, and if you run CleanMail and the mail server software on the same machine, this is the first trouble you may run into: Your mail server and CleanMail contend for the SMTP port of your machine, but only one can use it, while the other fails to initialize. If CleanMail fails to grab the port, it will file a complaint in its logfile, and exit (look for a WSAEADDRINUSE message in nospamtoday.log).

To fix this problem, make sure CleanMail is the only program configured to listen on the SMTP port. This can be done two ways: by using different ports for the mail server and for CleanMail, or by using different IP addresses for CleanMail and for your mail server.

Some more things to keep in mind:

Once both your mail server and CleanMail are up and running, it is time to check that everything is working right.

Testing the Basic Proxy Setup

Fortunately, the SMTP protocol was designed to be readable by human eyes. Because of this, the ubiquitous, ages-old telnet program proves most useful to test your setup. In Windows, you can run telnet from the start menu (choose "Execute", and type "telnet"). Here is the transcript of a sample telnet session:

C:\>telnet 25
Connected to
Escape character is '^]'.
220 ESMTP Exim 3.35 #1 Thu, 25 Mar 2004 16:59:54 +0100
221 closing connection
Connection closed by foreign host.

Try to connect with telnet to both your mail server, and to CleanMail, once the server sends its welcome, issue a QUIT command. If everything works, you will get exactly the same replies both times.

If you are a good typist (you do not need to be fast, but you must not make any typing errors) you can send emails with telnet. There is no need for such luxury as an email client. Try, just for the fun of it, to send a mail from god@heaven.above to your friend. All you need to know can be found in the SMTP protocol specification.

Relay Settings

Relaying is... whenever one of your users is sending a mail over your mail server to an outbound address. Clearly, you can't allow this to happen for just anybody connected in from the outside world: spammers would use your mail server to harrass innocent people, your mail server would get listed in an open relay database, and and and...

The "Simple Open Relay Check" integrated in the CleanMail admin wizard tests just this. It tries all the preliminary steps of sending a mail to, using your mail server. If your mail server allows this without an error reply, there is a problem, and you are not finished configuring yet:

Some mail servers, have the vexing habit to accept mails to any recipient address in the local domain. Undeliverable mails are silently forwarded to postmaster. If you can't find a way to turn this off, you can use CleanMail's relay protection setting to achieve the same. Enter all allowable mail addresses and aliases here, and all other mail will be rejected outright by the CleanMail proxy.

CleanMail and Microsoft Exchange

In a two IP address setup, Microsoft Exchange 2000 sometimes grabs the SMTP port on all interfaces, even when it has been configured not to. Click here for a Microsoft knowledge base article that tells you what to do.

Closing Remarks

Your feedback is welcome! Please submit hints and suggestions to .