APF - Exim Mail

Discussion in 'E-mail Discussions' started by demomen, Jan 17, 2006.

  1. demomen

    demomen Well-Known Member

    I'm having an issue with APF and Exim. To send emails, the TCP ports between 44000 and 50000 need to be enabled. Mail is received OK, but to send you have to allow ports 44000_50000, even though the default ports are open. Ignore the space in the 2087; it is how it is posted.

    HTML:
    IG_TCP_CPORTS
    21,22,25,53,80,110,143,443,2082,2083,2084,2086,2087,2095,2096

    I cannot see why it is doing this; does anyone know? It is on a VPS. Same for wget.
     
  2. xerophyte

    xerophyte Well-Known Member

    Didn't get your question correctly. You need to add those ports to the APF configuration file; your post is missing those ports. Make sure you have added them to IG and EG.
     
  3. demomen

    demomen Well-Known Member

    Setup is below. The problem is with the below setup. You are unable to send out emails. You can only receive emails.

    To allow emails to be sent you have to add to APF

    # Common ingress (inbound) TCP ports
    44000_50000

    EG:

    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2084,2086,2087,2095,2096,44000_50000"

    IFACE_IN="venet0"
    IFACE_OUT="venet0"

    SET_MONOKERN="1"


    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2084,2086,2087,2095,2096"

    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="21,53,465,873"

    # Common ICMP (inbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    IG_ICMP_TYPES="3,5,11,0,30,8"


    # Egress filtering [0 = Disabled / 1 = Enabled]
    EGF="0"

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,22,25,53,80,110,443,2089"

    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53"

    # Common ICMP egress (outbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    EG_ICMP_TYPES="all"
     
  4. chirpy

    chirpy Well-Known Member

    Those ephemeral ports have nothing whatsoever to do with mail delivery; that's done on port 25. If you're having to open those ports then APF isn't working (which isn't uncommon). The ports that need to be open are listed in the cPanel FAQ.
     
  5. demomen

    demomen Well-Known Member

    Thanks chirpy, this is what I have been told:

    The rule for allowing TCP traffic on established connections isn't being used and it's just using the drop all inbound; no one has any ideas.
     
  6. chirpy

    chirpy Well-Known Member

    Then I'd suggest not using APF - I've seen that happen on many servers and it is clearly a bug in that firewall. In such situations I've successfully used KissMyFirewall as an SPI firewall script replacement.
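
The diagnosis quoted in the thread (replies to established connections falling through to the drop-all-inbound rule, so that only opening 44000_50000 lets outbound mail and wget work) can be checked against the loaded ruleset. The script below is an added example, not part of the original thread or of APF; its function names and the two sample rulesets are constructed for illustration, and it assumes the rules are listed in `iptables -S` format.

```sh
#!/bin/sh
# Audits `iptables -S` output on stdin for the symptom in this thread: no
# ACCEPT rule for established connections, masked by a wide inbound range.

# True if the INPUT chain accepts ESTABLISHED traffic (state or conntrack match).
has_established_rule() {
    grep -Eq -e '^-A INPUT .*--(ct)?state [A-Z,]*ESTABLISHED[A-Z,]* .*-j ACCEPT'
}

# Prints inbound ACCEPT rules whose --dport/--dports range spans more than
# $1 ports (default 1000), e.g. 44000:50000.
wide_inbound_ranges() {
    awk -v limit="${1:-1000}" '
        /^-A INPUT / && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--dport" && $i != "--dports") continue
                n = split($(i + 1), parts, ",")
                for (j = 1; j <= n; j++)
                    if (split(parts[j], r, ":") == 2 && r[2] - r[1] > limit) {
                        print; next
                    }
            }
        }'
}

# Classifies a ruleset read from stdin.
audit_ruleset() {
    rules=$(cat)
    wide=$(printf '%s\n' "$rules" | wide_inbound_ranges)
    if printf '%s\n' "$rules" | has_established_rule; then
        if [ -z "$wide" ]; then echo "ok"; else echo "stateful-but-wide-range"; fi
    elif [ -n "$wide" ]; then
        echo "no-state-rule-masked-by-wide-range"
    else
        echo "no-state-rule"
    fi
}

# Constructed sample rulesets (not taken from the poster's server).
BROKEN_RULES='-P INPUT DROP
-A INPUT -i venet0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 44000:50000 -j ACCEPT'
FIXED_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i venet0 -p tcp -m multiport --dports 21,22,25,53,80 -j ACCEPT'

printf '%s\n' "$BROKEN_RULES" | audit_ruleset
printf '%s\n' "$FIXED_RULES" | audit_ruleset
# On a live host (as root): iptables -S | audit_ruleset
```

A result of `no-state-rule-masked-by-wide-range` matches the situation described above: the ephemeral range is exposed inbound only because return traffic is not being matched statefully.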
     