Apple Macs trigger IP blocks - port 587

[BigLebowski]

Hi there

We have port 587 (Mail Submission) closed but apple macs keep scanning it resulting in LFD blocks. This message in /var/log/messages is typical:

Jun 4 12:29:28 ns10 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:c5:e9:c3:2d:00:1c:0f:5c:d1:00:08:00 SRC=109.180.184.92 DST=195.238.172.13 LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=23013 DF PROTO=TCP SPT=51194 DPT=587 WINDOW=65535 RES=0x00 SYN URGP=0

triggering in lfd.log:

Jun 4 12:29:28 ns lfd[32662]: *Port Scan* detected from 109.180.184.92. 11 its in the last 192 seconds - *Blocked in csf* for 3600 secs

This produces irate customers.

Can the 587 scan be switched off easily in Apple clients? Annoyingly they seem to try 587 first by default. What are the ramifications of opening 587 in the CSF firewall if that will help?

TIA
Dude

[sawbuck]

Don't know about turning off access to 587 in Mac email clients but 587 is generally seen as a useful alternative if 25 is blocked, by an ISP for instance.

Do you have 587 blocked for a particular reason?

[brianoz]

This probably needs to be discussed at the configserver forums rather than here.

I've seen customers blocked by this and it's a real problem - possibly solvable by running something useful on that port!

[ne0shell]

You could make use of the cPanel option "run a second instance of Exim on another port" option found under the "service manager" menu in WHM - "exim on another port". Enter 587 in the box, check "enabled" and "monitored" and click "save" at the bottom.

You should find improved email connectivity for not only Mac users but MS Outlook clients as well.

Be sure to add port 587 to your allowed ports in your CSF configuration.