CSF Blocking SMTP mail when it's not configured to do so

24 posts Page 3 of 3
NETLINK
Junior Member
Posts: 12
Joined: 20 Dec 2012, 18:39


Hi Sergio. Where would this be under? Relay Tracking?

RT_AUTHRELAY_LIMIT is set to 100
RT_AUTHRELAY_BLOCK is set to 0

It's my understanding that this will send an alert but not do any blocking.
Sergio
Junior Member
Posts: 1362
Joined: 12 Dec 2006, 14:56


I just wanted to be sure what you have in there, as it could block an IP from sending emails if it has reached the limit. Reading all of the info, this could be a possibility, as CSF is blocking something, and when CSF is turned off it lets the other server run.
Another option to explore is to not have any blacklist set in CSF under LFD BLOCKLISTS, as it could be that the IP range is blocked and you don't know.

Basically, what I am trying to do is check where your external IP address could appear, besides the ALLOW and IGNORE options.
araspa
Junior Member
Posts: 4
Joined: 25 Jan 2019, 01:41


Apologies in advance for hijacking the thread, but it seems we also have the same issue.

https://forum.configserver.com/viewtopi ... =6&t=11153
wwnick
Junior Member
Posts: 5
Joined: 09 Dec 2018, 22:38


I *THINK* I may have just got a hint....

My WordPress site decided to stop sending emails, and I managed to do a little testing. It was configured to send messages via SMTP to an external site; today I suddenly got emails that it wouldn't send due to incorrect authentication. So I used the test option in the WordPress plugin and noticed this:

220-myserver.mydomain.net ESMTP Exim 4.91 #1 Thu,
14 Feb 2019 16:27:22 +1100
220-We do not authorize the use of this system to
transport unsolicited,
220 and/or bulk e-mail.
EHLO domainname
250-myserver.mydomain.net Hello domainname
[10.0.0.5]

After running csf -ra, I ran the test again, and this time I saw this:

220 smtp.externalserver.com ESMTP ready
EHLO domainname
250-smtp.externalserver.com
250-PIPELINING
250-SIZE 71000000
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 STARTTLS
STARTTLS

(I've changed the names to protect the innocent :) )
As you can see, external traffic was being hijacked, and routed to the internal server. The outgoing port was 587.

I hope this is useful in tracking the issue down.
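
The symptom in the post above, an outbound port 587 session answered by the local Exim instead of the external server, can be checked mechanically from a captured SMTP transcript. This is an added example, not part of any post in the thread; the transcripts are constructed from the two sessions quoted above, and `parse_replies` and `check_session` are hypothetical helper names.

```python
import re

# Constructed sample transcripts, based on the two sessions quoted in the post.
REDIRECTED = """\
220-myserver.mydomain.net ESMTP Exim 4.91 #1 Thu, 14 Feb 2019 16:27:22 +1100
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO domainname
250-myserver.mydomain.net Hello domainname [10.0.0.5]
"""
DIRECT = """\
220 smtp.externalserver.com ESMTP ready
EHLO domainname
250-smtp.externalserver.com
250-PIPELINING
250 STARTTLS
"""
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # "250-text" continues, "250 text" ends

def parse_replies(transcript):
    """Group server lines into (code, [texts]); client commands are skipped."""
    replies, current = [], None
    for line in transcript.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue  # client command (EHLO, STARTTLS, ...) or wrapped text
        code, sep, text = m.groups()
        if current is None or current[0] != code:
            current = (code, [])
            replies.append(current)
        current[1].append(text)
        if sep == " ":  # a space after the code marks the last line of a reply
            current = None
    return replies

def check_session(transcript, expected_host):
    """Return (ok, banner_host, ehlo_host) for one captured session."""
    replies = parse_replies(transcript)
    banner = next((t for c, t in replies if c == "220"), [""])
    ehlo = next((t for c, t in replies if c == "250"), [""])
    banner_host = banner[0].split(" ", 1)[0].lower()
    ehlo_host = ehlo[0].split(" ", 1)[0].lower()
    # Assumption: expected_host is the name the intended server announces.
    ok = banner_host == expected_host.lower() and ehlo_host in ("", banner_host)
    return ok, banner_host, ehlo_host
```

A hostname mismatch is only a hint, since some providers announce a name different from the one you connect to; verifying the server certificate after STARTTLS is the stronger check.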