Community Forums
Connect with us on LinkedIn
Community Notice
Cpanel blocks port 26.
  
+ Reply to Thread
Results 1 to 5 of 5
  1. 08-20-2005 07:49 PM #1
    marek
    marek is offline
    Registered User
    Join Date
    Aug 2005
    Posts
    3

    Default Cpanel blocks port 26.

    Hello,

    We have set up RedHat ES3 /etc/sysconfig/iptables allowing port 26 to remain open for Exim:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 26 -j ACCEPT

    iptables -L | grep 26
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:26

    However, every? morning we disover that this port gets closed by the iptables firewall:

    ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:12:3f:24:a8:86:00:11:43:d6:cb:48:08:00 SRC
    =x.x.x.x DST=y.y.y.y LEN=60 TOS=0x04 PREC=0x00 TTL=53 ID=44220 DF PR
    OTO=TCP SPT=65116 DPT=26 WINDOW=5840 RES=0x00 SYN URGP=0

    We cannot figure out which process/cron/script does it, and I am looking for a bit of help here.
    Root crontab is as follow:
    54 4 * * * /scripts/upcp
    0 1 * * * /scripts/cpbackup
    */15 * * * * /usr/local/cpanel/whostmgr/bin/dnsqueue > /dev/null 2>&1
    2,58 * * * * /usr/local/bandmin/bandmin
    0 0 * * * /usr/local/bandmin/ipaddrmap
    0 6 * * * /scripts/exim_tidydb > /dev/null 2>&1
    */5 * * * * /usr/local/cpanel/bin/dcpumon >/dev/null 2>&1

    Thanks,
    Marek
    Reply With Quote Reply With Quote
  2. 08-20-2005 07:55 PM #2
    dgbaker
    dgbaker is offline
    Moderator cPanel Partner NOC Badge dgbaker's Avatar
    Join Date
    Sep 2002
    Location
    Toronto, Ontario Canada
    Posts
    2,773

    Default

    Have you gone to WHM Main >> Service Configuration >> Service Manager

    and set the "exim on another port " option?
    Regards,
    David
    Forum Moderator
    Reply With Quote Reply With Quote
  3. 08-22-2005 06:29 PM #3
    marek
    marek is offline
    Registered User
    Join Date
    Aug 2005
    Posts
    3

    Default

    Tkanks David but "exim on another port " option was checked.
    I set up a simple cronjob script indicating firewall blocking port 26 after 03:05:00 and before 04:05:00

    Mon Aug 22 03:05:00 PDT 2005
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:26

    Mon Aug 22 04:05:00 PDT 2005
    Mon Aug 22 05:05:01 PDT 2005
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:26
    Reply With Quote Reply With Quote
  4. 08-23-2005 05:37 AM #4
    chirpy
    chirpy is offline
    Super Moderator This forum account has been confirmed by cPanel staff to represent a vendor. chirpy's Avatar
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Default

    That will happen if you've enabled WHM > Tweak Security > SMTP Tweak
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com
    Reply With Quote Reply With Quote
  5. 08-24-2005 12:25 PM #5
    marek
    marek is offline
    Registered User
    Join Date
    Aug 2005
    Posts
    3

    Default

    Thank you for suggestion, Jonathan, but the problem persists.
    However, there is Advanced Policy Firewall apf intrusion detection/firewall program that is probably causing it. It runs from daily cron at 4:02AM.

    Output from my monitoring script
    Wed Aug 24 03:05:00 PDT 2005
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25

    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:26


    Wed Aug 24 04:05:01 PDT 2005
    DROP all -- 221.126.137.0/24 0.0.0.0/0
    DROP all -- 255.255.255.255 0.0.0.0/0
    DROP icmp -- 0.0.0.0/0 0.0.0.255/0.0.0.255
    DROP all -- 0.0.0.0/0 0.0.0.255/0.0.0.255
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    DROP all -- 0.0.0.0/0 221.126.137.0/24
    DROP all -- 255.255.255.255 0.0.0.0/0

    Thank you both for good leads.

    Marek
    Reply With Quote Reply With Quote
«   Creating Accounts Without Creating Packages First | Block linking to ip/~user? »     
Similar Threads & Tags
Similar threads

  1. Apple Macs trigger IP blocks - port 587
    By BigLebowski in forum E-mail Discussions
    Replies: 3
    Last Post: 06-06-2010, 12:37 AM
  2. Apple Macs trigger IP blocks - port 587
    By BigLebowski in forum Security
    Replies: 0
    Last Post: 06-04-2010, 07:54 AM
  3. Something blocks php script to login to cpanel
    By trecords in forum cPanel and WHM Discussions
    Replies: 1
    Last Post: 04-16-2010, 08:19 AM
  4. Feature that blocks outgoing port 25
    By eduardosilva in forum E-mail Discussions
    Replies: 2
    Last Post: 06-15-2009, 09:48 AM
  5. cpanel blocks google and yahoo
    By fistfullast33l in forum cPanel and WHM Discussions
    Replies: 2
    Last Post: 10-07-2003, 10:24 PM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube