Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

Outgoing smtp connections, to local Exim

Comments

5 comments

  • cPanelMichael
    Hello, Can you verify if the "WHM Home " Security Center " SMTP Restrictions" feature is enabled on this system? If so, does disabling it solve the issue? Thank you.
    0
  • Anas Ashfaq
    Hello, Disabling the restrictions solves the issue but is that a recommended solution? Is there a way to enable the smtp restrictions and add an exception to the trust mail sending providers e.g. mailgun Thank you
    0
  • cPWilliamL
    We don't provide a method at this time to make this option specific to users or outbound hosts; however, this is simply implemented through iptables UID/GID matches:
    # iptables -nL|grep match ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 owner GID match 992 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 owner GID match 12 ACCEPT tcp -- 0.0.0.0/0 127.0.0.1 multiport dports 25,465,587 owner UID match 202 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 owner UID match 0
    It shouldn't be difficult to apply manually, but this would also make a good feature request. I also believe CSF(ConfigServer Security and Firewall) provides this functionality.
    0
  • kawasakai
    Hello,
    It shouldn't be difficult to apply manually, but this would also make a good feature request. I also believe CSF(ConfigServer Security and Firewall) provides this functionality.

    My current rule to allow reaching external SMTP servers for a certain user looks like:
    iptables -t nat -I OUTPUT 5 -d 1.2.3.4 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 1036 -j RETURN
    Now I need some advice how to to apply this rule permanent, in in a way which doesn't disturb cPanels own ruleset.
    0
  • cPanelMichael
    Now I need some advice how to to apply this rule permanent, in in a way which doesn't disturb cPanels own ruleset.

    Have you considered using CSF to manage the firewall rules? CSF offers options that allow you to restrict SMTP similar to the SMTP Restrictions option in WHM, but with more control over specific users: ConfigServer Security & Firewall (csf) Or, you could simply use CSF to manage your own custom firewall rules to ensure they are preserved through restarts. Thank you.
    0

Please sign in to leave a comment.