We have an ooooold version of IMail (8.05) that is configured to not relay...and passes all the web based open relay test tools we can find. Yet we still see email being relayed occaisionally, which has caused BarracudaCentral to think we're spammers. Aside from upgrading our ancient IMail (which is planned)...are there any known tools to more aggresively test relaying?
SnapOverflow
The latest version of IMail is version 11.
There are enough security holes between 8.05 and 11 that I'd strongly recommend upgrading or going with a different mail server. (I know you said it was planned but I'd bump it up a notch or two on the priority list.) ;-)
Think of it this way, you're basically using 2003-2004 software and expecting it to still be secure and stable.
Check out this page for a list of potential vulnerabilities:
http://www.imailserver.com/support/patch-upgrades.asp
Hope this helps.
Do you have it set up to require authentication (user name/password) on all accounts to send email? This setting also requires the user to check that box on the smtp in the client. Without that spammers just need to know an account name and can send mail. Have you looked at the log files for the specific emails that are getting through? In one case we actually had a spammer figure out a weak password and so was sending email "legitimately". The log file for a couple of the passed emails may really help figure out what still needs to be locked down. We use Imail as well here and have for years though we are slightly more up to date on it. We still have to do the most recent upgrade though.