The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apple Macs trigger IP blocks - port 587

Discussion in 'E-mail Discussions' started by BigLebowski, Jun 4, 2010.

  1. BigLebowski

    BigLebowski Well-Known Member

    Joined:
    Dec 24, 2007
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    Hi there

    We have port 587 (Mail Submission) closed but apple macs keep scanning it resulting in LFD blocks. This message in /var/log/messages is typical:

    Jun 4 12:29:28 ns10 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:15:c5:e9:c3:2d:00:1c:0f:5c:d1:00:08:00 SRC=109.180.184.92 DST=195.238.172.13 LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=23013 DF PROTO=TCP SPT=51194 DPT=587 WINDOW=65535 RES=0x00 SYN URGP=0

    triggering in lfd.log:

    Jun 4 12:29:28 ns lfd[32662]: *Port Scan* detected from 109.180.184.92. 11 its in the last 192 seconds - *Blocked in csf* for 3600 secs

    This produces irate customers.

    Can the 587 scan be switched off easily in Apple clients? Annoyingly they seem to try 587 first by default. What are the ramifications of opening 587 in the CSF firewall if that will help?

    TIA
    Dude
     
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Don't know about turning off access to 587 in Mac email clients but 587 is generally seen as a useful alternative if 25 is blocked, by an ISP for instance.

    Do you have 587 blocked for a particular reason?
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    This probably needs to be discussed at the configserver forums rather than here.

    I've seen customers blocked by this and it's a real problem - possibly solvable by running something useful on that port!
     
  4. ne0shell

    ne0shell Well-Known Member

    Joined:
    Oct 9, 2003
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    6
    You could make use of the cPanel option "run a second instance of Exim on another port" option found under the "service manager" menu in WHM - "exim on another port". Enter 587 in the box, check "enabled" and "monitored" and click "save" at the bottom.

    You should find improved email connectivity for not only Mac users but MS Outlook clients as well.

    Be sure to add port 587 to your allowed ports in your CSF configuration.
     

Share This Page