/17 Google CIDR not being honored by /etc/csf/csf.allow for LF_DISTSMTP

Post Reply
fucine
Junior Member
Posts: 3
Joined: 21 Jan 2014, 16:43

/17 Google CIDR not being honored by /etc/csf/csf.allow for LF_DISTSMTP

Post by fucine »

Hi all!
We have these settings in place in CSF configuration file:
  • LF_DISTSMTP = 5
    LF_DISTSMTP_UNIQ = 3
    LF_DISTSMTP_PERM = 1
    LF_DISTSMTP_ALERT = On
    LF_DIST_INTERVAL = 300
And some DISTSMTP triggers have been intercepted because of some customer of ours having used Gmail for sending mail messages via our server's MTA.

So we received some mail warings (subj: "distributed SMTP Logins on account [omissis]") with Permanent Block [LF_DISTSMTP] notices, such as:
IP Addresses Blocked:
209.85.208.49 (US/United States/mail-ed1-f49.google.com)
209.85.208.51 (US/United States/mail-ed1-f51.google.com)
209.85.208.46 (US/United States/mail-ed1-f46.google.com)
209.85.208.41 (US/United States/mail-ed1-f41.google.com)
And those IPs were actually blocked by CSF, so that Gmail was not be able to send any envelope to any recipient account on our server.

Fact is that we had already allowed all CIDRs belonging to Google, by adding the complete list into /etc/csf/csf.allow file.
Also 209.85.128.0/17 was there, but those 209.85.208.* IPs were nevertheless banned.
How is that this could have happened, if all those IPs belong to that 209.85.128.0/17 CIDR?
In fact:
  • First IP > 209.85.128.0
    Last IP > 209.85.255.255
Is this a bug or what?
Anyway we have added those CIDRs also in csf.ignore. Can you confirm that this the correct way of handling DISTSMTP with regards to Google's CIDRs?
Thanks in advance and best regards to you all.
Post Reply