[example ~]% telnet mail-abuse.org
Trying 204.152.184.74...
Connected to mail-abuse.org.
Escape character is '^]'.
Connecting to 23.23.23.23 ...
<<< 220 test.whitehats.com ESMTP Sendmail 8.11.2; Tue, 13 Mar 2001 17:49:07 -0800
>>> HELO dante.mail-abuse.org
<<< 250 test.whitehats.com Hello dante.mail-abuse.org [204.152.184.35], pleased to meet you
:Relay test: #Quote test
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 550 5.7.1 <"nobody@mail-abuse.org">... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
This is a duplicate of test #10 (dimmed in the original to indicate this).
:Relay test: #Test 1
>>> mail from: <nobody@mail-abuse.org>
<<< 250 2.1.0 <nobody@mail-abuse.org>... Sender ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 550 5.7.1 <nobody@mail-abuse.org>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Attempt to send email where source and destination addresses are the same.
:Relay test: #Test 2
>>> mail from: <spamtest@maps1.pa.vix.com>
<<< 501 5.1.8 <spamtest@maps1.pa.vix.com>... Sender domain must exist
>>> rset
<<< 250 2.0.0 Reset state
Attempt to use an invalid source address.
:Relay test: #test 3
>>> mail from: <spamtest@localhost>
<<< 553 5.5.4 <spamtest@localhost>... Real domain name required
>>> rset
<<< 250 2.0.0 Reset state
Used the localhost hostname in the source address.
This probably fools older SMTP servers.
:Relay test: #Test 4
>>> mail from: <spamtest>
<<< 553 5.5.4 <spamtest>... Domain name required
>>> rset
<<< 250 2.0.0 Reset state
Omitted the domain name entirely, expecting that the mail would be delivered as though it were local.
:Relay test: #Test 5
>>> mail from: <>
<<< 250 2.1.0 <>... Sender ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 550 5.7.1 <nobody@mail-abuse.org>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Omit the source address entirely.
:Relay test: #Test 6
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 550 5.7.1 <nobody@mail-abuse.org>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Specify the FQDN (fully qualified domain name) of the victim server as the host in the source address.
:Relay test: #Test 7
>>> mail from: <spamtest@[23.23.23.23]>
<<< 250 2.1.0 <spamtest@[23.23.23.23]>... Sender ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 550 5.7.1 <nobody@mail-abuse.org>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Use the IP address of the victim SMTP server enclosed in brackets.
:Relay test: #Test 8
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <nobody%mail-abuse.org@test.whitehats.com>
<<< 550 5.7.1 <nobody%mail-abuse.org@test.whitehats.com>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Use % style relaying (legacy email systems may support this syntax).
:Relay test: #Test 9
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <nobody%mail-abuse.org@[23.23.23.23]>
<<< 550 5.7.1 <nobody%mail-abuse.org@[23.23.23.23]>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Use % style relaying as well, this time using the victim SMTP server IP address instead of its FQDN.
:Relay test: #Test 10
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 550 5.7.1 <"nobody@mail-abuse.org">... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Encapsulate the destination address in double quotes.
:Relay test: #Test 11
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <"nobody%mail-abuse.org">
<<< 550 5.7.1 <"nobody%mail-abuse.org">... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Use % style syntax and encapsulate in double quotes.
:Relay test: #Test 12
>>> mail from: <spamtest@[23.23.23.23]>
<<< 250 2.1.0 <spamtest@[23.23.23.23]>... Sender ok
>>> rcpt to: <"nobody@mail-abuse.org@test.whitehats.com">
<<< 550 5.7.1 <"nobody@mail-abuse.org@test.whitehats.com">... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
The source email address hostname is the IP of the victim SMTP server; the destination email also uses @@ relay syntax and is enclosed in double quotes.
:Relay test: #Test 13
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <"nobody@mail-abuse.org"@[23.23.23.23]>
<<< 550 5.7.1 <"nobody@mail-abuse.org"@[23.23.23.23]>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Destination email address uses double quotes around the intended target, and uses the IP address of the victim SMTP server.
:Relay test: #Test 14
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <nobody@mail-abuse.org@[23.23.23.23]>
<<< 550 5.7.1 <nobody@mail-abuse.org@[23.23.23.23]>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Relaying style without quotes but using the IP address of the victim SMTP server.
:Relay test: #Test 15
>>> mail from: <spamtest@[23.23.23.23]>
<<< 250 2.1.0 <spamtest@[23.23.23.23]>... Sender ok
>>> rcpt to: <@test.whitehats.com:nobody@mail-abuse.org>
<<< 550 5.7.1 <@test.whitehats.com:nobody@mail-abuse.org>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Another email syntax that may allow relaying.
:Relay test: #Test 16
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <@[23.23.23.23]:nobody@mail-abuse.org>
<<< 550 5.7.1 <@[23.23.23.23]:nobody@mail-abuse.org>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Another email syntax that may allow relaying, this time using the IP address of the victim SMTP server.
:Relay test: #Test 17
>>> mail from: <spamtest@[23.23.23.23]>
<<< 250 2.1.0 <spamtest@[23.23.23.23]>... Sender ok
>>> rcpt to: <mail-abuse.org!nobody>
<<< 550 5.1.1 <mail-abuse.org!nobody>... User unknown
>>> rset
<<< 250 2.0.0 Reset state
Alternate email addressing syntax and IP address used in source email.
:Relay test: #test 18
>>> mail from: <spamtest@test.whitehats.com>
<<< 250 2.1.0 <spamtest@test.whitehats.com>... Sender ok
>>> rcpt to: <mail-abuse.org!nobody@[23.23.23.23]>
<<< 550 5.7.1 <mail-abuse.org!nobody@[23.23.23.23]>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Alternate email addressing syntax and victim SMTP server IP address used in destination email.
:Relay test: #test 19
>>> mail from: <postmaster@test.whitehats.com>
<<< 250 2.1.0 <postmaster@test.whitehats.com>... Sender ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 550 5.7.1 <nobody@mail-abuse.org>... Relaying denied
>>> rset
<<< 250 2.0.0 Reset state
Here they tried to use the "postmaster" source account name. Perhaps this has a special significance for certain SMTP servers and will be permitted.
>>> QUIT
<<< 221 2.0.0 local.whitehats.com closing connection
Tested host banner: 220 test.whitehats.com ESMTP Sendmail 8.11.2; Tue, 13 Mar 2001 17:49:07 -0800
System appeared to reject relay attempts
Connection closed by foreign host.
[example ~]%
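
As an added example (not part of the original page or of the MAPS tester), the Python below reads a transcript in the format shown above and reports every RCPT TO that the server answered with a 2xx code, labelling the address syntax that was accepted. The rule names, the sample transcript and the relay.example / dest.example hosts are assumptions made for illustration.

```python
import re

# Legacy address forms probed by the tests above; first matching rule wins.
SYNTAX_RULES = [
    ("source-route",  re.compile(r'^@[^:]+:.+@')),              # <@relay:user@dest>
    ("bang-path",     re.compile(r'^[^@"]+![^@]+')),            # <dest!user>
    ("percent-hack",  re.compile(r'^"?[^@"]+%[^@"]+"?(@|$)')),  # <user%dest@relay>
    ("quoted-remote", re.compile(r'^"[^"]*@[^"]*"')),           # <"user@dest">
    ("double-at",     re.compile(r'^[^@"]+@[^@]+@')),           # <user@dest@relay>
]
TEST_RE = re.compile(r'^:Relay test: #(.+)$', re.I)
RCPT_RE = re.compile(r'^>>> rcpt to: <(.*)>$', re.I)
REPLY_RE = re.compile(r'^<<< (\d{3})\b')

def classify(address):
    """Name the routing syntax used in a RCPT TO address ('plain' if none)."""
    for name, rule in SYNTAX_RULES:
        if rule.search(address):
            return name
    return "plain"

def accepted_relays(transcript):
    """Return (test, syntax, address) for every RCPT TO answered with 2xx."""
    findings, test, pending = [], None, None
    for line in transcript.splitlines():
        line = line.strip()
        if m := TEST_RE.match(line):
            test = m.group(1)
        elif m := RCPT_RE.match(line):
            pending = m.group(1)          # wait for the server's reply line
        elif (m := REPLY_RE.match(line)) and pending is not None:
            if m.group(1).startswith("2"):
                findings.append((test, classify(pending), pending))
            pending = None
    return findings

# Constructed transcript in the tester's format; hosts are placeholders.
SAMPLE = """\
:Relay test: #Test 8
>>> mail from: <spamtest@relay.example>
<<< 250 2.1.0 <spamtest@relay.example>... Sender ok
>>> rcpt to: <nobody%dest.example@relay.example>
<<< 250 2.1.5 <nobody%dest.example@relay.example>... Recipient ok
:Relay test: #Test 15
>>> rcpt to: <@relay.example:nobody@dest.example>
<<< 550 5.7.1 <@relay.example:nobody@dest.example>... Relaying denied
"""

if __name__ == "__main__":
    print(accepted_relays(SAMPLE))
```

A 250 reply to MAIL FROM is ignored on purpose: in the session above the server accepts most sender addresses yet still refuses every foreign recipient, so only the RCPT TO reply decides whether a test got through.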