CSF blocks email every few weeks and needs a restart

6 posts Page 1 of 1
araspa
Junior Member
Posts: 4
Joined: 25 Jan 2019, 01:41


Hi folks,

We have a really unusual intermittent issue that is driving us crazy. We have a number of clients using O365 mail service for sending mail from their WordPress websites. We have a plug-in installed that sends and logs emails via SMTP to office 365 (Post SMTP aka postman) The plug-in is OK with diagnostic information and when this issue occurs, we can deduce that when it drops out the mail is redirected locally to the WHM server to send using Exim (instead of o365 remotely as its been set up). This is a significant issue as the email account doesn’t exist and as such the emails are not sent.

We have been able to work out that CSF is the cause of the redirection. If CSF is disabled, the redirection doesn’t occur and everything works as it should. If we restart CSF, the issue is resolved, however returns after a few days (we haven’t been able to zero in on an exact timeframe, however it seems to be random, but so far not more than 14 days). Once it starts redirecting, it continues to redirect until restarted (without any changes to the configuration). This is happening across three different web servers at different intervals.

We have confirmed (both through WHM UI and SSH to csf.conf):

-SMTP block is disabled
-All mail ports are included in TCP_OUT
-All mail ports are included in TCP6_OUT
-SMTP_Redirect is disabled

There is no reason we can determine why CSF would be initiating a redirect, however it is definitely the cause of the redirect.

Have any of you encountered something like this, or able to give us a hint on where to start investigating?
araspa
Junior Member
Posts: 4
Joined: 25 Jan 2019, 01:41


Tough one hey folks.
Happy to pay and expert, we would just like to target the issue so we can point them in the right direction.
The issue recurred today exactly 1 week later. Will continue to monitor.
Sergio
Junior Member
Posts: 1366
Joined: 12 Dec 2006, 14:56


Check your DNS ZONE and check the time to live of any of the options there.
On the ZONE DNS, how many and what are the MX that you are using?

Check if you still have the MX that cpanel created when you created the account.

In the ZONE DNS at the bottom of it you will see the following:

Email Routing for “domain.com” (The domain is owned by “userdomain”).
Automatically Detect Configuration: Remote (recommended)
Local Mail Exchanger
Backup Mail Exchanger
* Remote Mail Exchanger
The current setting is shown in bold.
If you have it on Automatic, try to set it to REMOTE option.

Sergio
araspa
Junior Member
Posts: 4
Joined: 25 Jan 2019, 01:41


This is happening for a server which hosts many,

If I choose a specific customer/host - Remote is selected and only one MX record to O365.

Remember everything is operating within specifications then CSF stops sending email and a csf -r resolves all the issues for another week
Sergio
Junior Member
Posts: 1366
Joined: 12 Dec 2006, 14:56


It is very hard to guess what it could be without seeing any other info from the server.
Check the logs at the time that this happens, check
/var/log/exim_mainlog
/var/exim_rejectlog
/var/log/maillog
/var/log/messages

Sergio
ForumAdmin
Moderator
Posts: 1429
Joined: 01 Oct 2008, 09:24


6 posts Page 1 of 1