Page 1 of 3

CSF Blocking SMTP mail when its not configured to do so

Posted: 15 Jun 2016, 22:23
by Nolph
We have CSF installed on our server and it seems to block mail coming from our billing system. I have configured it to allow the SMTP PHP mail to go through. It starts working for a few days then starts blocking again. I have to reboot the CSF services for it to start working again then it does the same thing a few days later.

Is there any insight as to why this is happening?

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 16 Jun 2016, 15:10
by Sergio
Post some log lines to check what is going on.

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 26 Jul 2016, 01:25
by FDGWeb
We have the exact same problem.

We're using Sendgrid to send SMTP email - it works fine, then CSF blocks it from sending email. There's nothing specific in the mail logs. None of the IPs internal or external for Sendgrid seem to be blocked.

When CSF is restarted .. everything works from anywhere between a few minutes to days later.

Which log (path/location) would be valuable to see? I'll dig it up.

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 26 Jul 2016, 07:01
by Sergio
You can check the following logs:
/var/log/messages
/var/log/exim_reject_log
/var/log/exim_mainlog

or you can do :
tail -f /var/log/messages
as root to monitor what happens in real time on your server.

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 03 Aug 2016, 22:59
by FDGWeb
Here's an Exim_log when it happens:

2016-08-03 17:45:28 SMTP connection from [IP ADDRESS]:40062 (TCP/IP connection count = 2)
2016-08-03 17:45:28 SMTP connection from [IP ADDRESS]:40064 (TCP/IP connection count = 3)
2016-08-03 17:45:28 SMTP connection from serverhost [IP ADDRESS]:40062 lost
2016-08-03 17:45:28 SMTP connection from serverhost [IP ADDRESS]:40064 lost

I've edited out the actual IPs. serverhost, etc. IP address = website where smtp connection is being made from.

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 03 Aug 2016, 23:23
by Sergio
You should check if the [IP ADDRESS] appears in /var/log/messages with any errors or warnings.

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 01 Dec 2018, 09:20
by NETLINK
I have been having this issue for a while, and so far, have not been able to figure out what the problem is. Everything will work as expected for a few days, sometimes longer. Then, suddenly, mail sent out by PHP with SMTP gets blocked and will not go out until I restart CSF.

There is nothing relevant in /var/log/messages. The following extract is from /var/log/exim_mainlog:

2018-12-01 09:09:04 SMTP connection from [67.xxx.xxx.11]:43178 (TCP/IP connection count = 1)
2018-12-01 09:09:04 SMTP connection from [67.xxx.xxx.11]:43178 lost (error: Connection reset by peer) D=0s

67.xxx.xxx.11 is the server's main IP address. All relevant ports and remote IPs are whitelisted.

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 01 Dec 2018, 13:57
by Sergio
Search the iP on the following files:
/var/log/exim_rejeclog
/var/log/maillog
/var/log/lfd.log

And post the info if something appears in there.

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 01 Dec 2018, 15:03
by NETLINK
01 Dec 2018, 13:57Sergio wrote:
Search the iP on the following files:
/var/log/exim_rejeclog
/var/log/maillog
/var/log/lfd.log

And post the info if something appears in there.
There is nothing in these logs. I searched by IP and also by timestamp (everything between 09:00:01 and 09:10:59.

I also tried restarting just lfd earlier. This did not solve the issue. It was only after I restarted csf.

Re: CSF Blocking SMTP mail when its not configured to do so

Posted: 01 Dec 2018, 15:23
by Sergio
I am curious, the IP from SMTP connection [67.xxx.xxx.11] is your server's IP?

You said "Then, suddenly, mail sent out by PHP with SMTP gets blocked and will not go out until I restart CSF."

Have you added the IP 67.xxx.xxx.11 on CSF allowed IP list?

Have you double checked that the PHP script is using the correct SMTP port/credentials to send the email?