Block port 25 outgoing but let Exim still connect ?

**driverC** · 02-20-2008 02:54 PM

Spammers are using my server's telnet (via hacked PHP scripts) to send spam to remote servers. This way I can not track them down since their emails do not appear in the Exim mainlog and in Apache's logs any PHP script could be it !! What an intelligent way to send spam, isn't it ?

What I need to do is to block outgoing connections on port 25 but still let Exim use port 25. Is this possible. Block everything except for Exim from setting up outgoing connections on port 25 ? How would I do that ?

**cPanelDavidG** · 02-20-2008 03:05 PM

Originally Posted by driverC

Spammers are using my server's telnet (via hacked PHP scripts) to send spam to remote servers. This way I can not track them down since their emails do not appear in the Exim mainlog and in Apache's logs any PHP script could be it !! What an intelligent way to send spam, isn't it ?

What I need to do is to block outgoing connections on port 25 but still let Exim use port 25. Is this possible. Block everything except for Exim from setting up outgoing connections on port 25 ? How would I do that ?

Try enabling the SMTP Tweak in WHM -> Security -> Security Center, it is designed for this type of situation.

**driverC** · 02-20-2008 03:31 PM

Ok I just found out something very interesting. The SMTP tweak thing works but I have APF installed and as soon as I restart APF the SMTP tweak no longer blocks connections ! What can I do to ensure that APF will not kill the SMTP tweak off ?

**chirpy** · 02-20-2008 04:55 PM

You'd have to write custom iptables rules for APF that does the same thing as the smtptweak since APF purges the existing rules when you start it. Or, you could try csf which has the same functionality as the smtptweak inbuilt.

**driverC** · 02-23-2008 06:56 AM

I found there is a script in the /scripts directory that enables the smtp tweak so I just run this every minute using a cron job. The complaints have ceased.

**nothsa** · 03-27-2008 01:06 PM

What's the script?

**natong** · 05-31-2008 12:03 PM

I enable " SMTP Tweak" but exim can't send mail out too. beaware/

This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.

**cPanelDavidG** · 06-02-2008 01:11 PM

Originally Posted by natong

I enable " SMTP Tweak" but exim can't send mail out too. beaware/

This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.

Exim is the MTA. If Exim stops functioning completely when you enable SMTP Tweak, something is wrong and perhaps you should have a technical analyst take a look at that: http://tickets.cpanel.net/submit

**Michiel Pierik** · 07-15-2009 09:17 AM

Originally Posted by driverC

I found there is a script in the /scripts directory that enables the smtp tweak so I just run this every minute using a cron job. The complaints have ceased.

You could also modify the apf init script to run the script after starting apf. To do that your start section would have to look like this:
start)
echo -n "Starting APF:"
/usr/local/sbin/apf --start >> /dev/null 2>&1
/scripts/smtpmailgidonly on
echo_success
echo
;;

That way you dont need to wait for the cronjob to run

LinkBack

Thread Tools

Block port 25 outgoing but let Exim still connect ?

I want to block a certain outgoing

Exim: unable to connect to port 25

Exim Block IP from connecting to port 25

How do I block port 25 exim?