APF - Exim Mail
I'm having an issue with APF and exim. To send emails the tcp port between 44000 and 50000 need to be enabled. Mail is received OK but to send you have to allow ports 44000_50000. Even though the default ports are open. Ignore the space in the 2087 it is how it is posted
HTML Code:IG_TCP_CPORTS 21,22,25,53,80,110,143,443,2082,2083,2084,2086,2087,2095,2096
I cannot see why it is doing this does anyone know? It is on a VPS. Same for wget
Didn't get your question correctnly, you need to add those ports to the apf configuration file, your post missing those ports. Make sure you have added to IG an EG
Affordable Linux Server Managament Solution
http://www.linuxnetworkcare.com/services/cpanel.php
[ Phone: 647-722-5303 MSN : sutha@linuxnetworkcare.com AIM : xerophytev skype:ksutha5]
Setup is below. The problem is with the below setup. You are unable to send out emails. You can only receive emails.
To allow emails to be sent you have to add to APF
# Common ingress (inbound) TCP ports
44000_50000
EG:
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2084,2086,2087,2095,2096,44000_50000"
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2084,2086,2087,2095,2096"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,465,873"
# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
IG_ICMP_TYPES="3,5,11,0,30,8"
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="0"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,22,25,53,80,110,443,2089"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
# Common ICMP egress (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"
Those ephemeral ports have nothing whatsoeve to do with mail delivery, that's done on port 25. If you're having to open those ports then APF isn't working (which isn't uncommon). The ports that need to be open are listed in the cPanel FAQ.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
Thanks chirpy, this is what I have been told
The rule for allowing tpc traffic on established connections isn't being used and its just using the drop all inbound, no one has any ideas
Then I'd suggest not using APF - I've seen that happen on many servers and is clearly a bug in that firewall. In such situations I've successfully used KissMyFirewall as an SPI firewall script replacement.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
LinkBack URL
About LinkBacks
Reply With Quote