Block port 25 outgoing but let Exim still connect?

Discussion in 'General Discussion' started by driverC, Feb 20, 2008.

  1. driverC

    driverC Well-Known Member

    Spammers are using my server's telnet (via hacked PHP scripts) to send spam to remote servers. This way I cannot track them down, since their emails do not appear in the Exim mainlog, and in Apache's logs any PHP script could be it! What an intelligent way to send spam, isn't it?

    What I need to do is to block outgoing connections on port 25 but still let Exim use port 25. Is this possible? Block everything except for Exim from setting up outgoing connections on port 25? How would I do that?
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Try enabling the SMTP Tweak in WHM -> Security -> Security Center, it is designed for this type of situation.
     
  3. driverC

    driverC Well-Known Member

    OK, I just found out something very interesting. The SMTP tweak thing works, but I have APF installed, and as soon as I restart APF the SMTP tweak no longer blocks connections! What can I do to ensure that APF will not kill the SMTP tweak off?
     
    #3 driverC, Feb 20, 2008
    Last edited: Feb 20, 2008
  4. chirpy

    chirpy Well-Known Member

    You'd have to write custom iptables rules for APF that do the same thing as the smtptweak, since APF purges the existing rules when you start it. Or, you could try csf, which has the same functionality as the smtptweak inbuilt.
     
  5. driverC

    driverC Well-Known Member

    I found there is a script in the /scripts directory that enables the smtp tweak so I just run this every minute using a cron job. The complaints have ceased.
     
  6. nothsa

    nothsa Well-Known Member

    What's the script?
     
  7. natong

    natong Well-Known Member

    I enabled "SMTP Tweak", but Exim can't send mail out either. Beware.


    This SMTP tweak will prevent users from bypassing the mail server to send mail (This is a common practice used by spammers). It will only allow the MTA (mail transport agent), mailman, and root to connect to remote SMTP servers.
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Exim is the MTA. If Exim stops functioning completely when you enable SMTP Tweak, something is wrong and perhaps you should have a technical analyst take a look at that: http://tickets.cpanel.net/submit
     
  9. Michiel Pierik

    Michiel Pierik Registered

    You could also modify the apf init script to run the script after starting apf. To do that, your start section would have to look like this:

        start)
            echo -n "Starting APF:"
            /usr/local/sbin/apf --start >> /dev/null 2>&1
            # Re-apply the SMTP tweak, since APF purges existing rules on start
            /scripts/smtpmailgidonly on
            echo_success
            echo
            ;;

    That way you don't need to wait for the cronjob to run :)
     
    #9 Michiel Pierik, Jul 15, 2009
    Last edited: Jul 20, 2009
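
Added example, not part of the thread and not cPanel's or APF's own rules: a sketch of the kind of custom iptables owner-match rules post #4 describes, plus a check that detects when a firewall restart has flushed them, so they can be re-applied on demand instead of blindly every minute. The chain name `SMTP_OUT`, the group names in `MTA_GROUPS` and the sample rule dumps are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not cPanel's or APF's code. Group names are assumptions.
MTA_GROUPS="mail mailman"   # assumed groups that Exim and Mailman run under

# Print the iptables commands (dry run; review, then pipe to sh as root).
smtp_egress_rules() {
    echo "iptables -N SMTP_OUT"
    echo "iptables -A SMTP_OUT -d 127.0.0.0/8 -j RETURN"
    echo "iptables -A SMTP_OUT -m owner --uid-owner 0 -j RETURN"
    for g in $MTA_GROUPS; do
        echo "iptables -A SMTP_OUT -m owner --gid-owner $g -j RETURN"
    done
    # --log-uid records the UID of the process that opened the connection
    echo "iptables -A SMTP_OUT -j LOG --log-prefix 'SMTP_OUT blocked: ' --log-uid"
    echo "iptables -A SMTP_OUT -j REJECT"
    # Jump is added last so traffic only enters a fully built chain
    echo "iptables -I OUTPUT -p tcp --dport 25 -j SMTP_OUT"
}

# Read `iptables -S` output on stdin. Returns 0 if the restriction is intact,
# 1 if port 25 is open to every user, 2 if no MTA group is exempted.
smtp_egress_locked() {
    dump=$(cat)
    printf '%s\n' "$dump" | grep -Eq '^-A OUTPUT -p tcp .*--dport 25 -j SMTP_OUT$' || return 1
    printf '%s\n' "$dump" | grep -Eq '^-A SMTP_OUT -j REJECT' || return 1
    printf '%s\n' "$dump" | grep -Eq '^-A SMTP_OUT -m owner --gid-owner [^ ]+ -j RETURN$' || return 2
    return 0
}

# Constructed samples in `iptables -S` format: rules present, then flushed.
SAMPLE_OK='-P OUTPUT ACCEPT
-N SMTP_OUT
-A OUTPUT -p tcp -m tcp --dport 25 -j SMTP_OUT
-A SMTP_OUT -d 127.0.0.0/8 -j RETURN
-A SMTP_OUT -m owner --uid-owner 0 -j RETURN
-A SMTP_OUT -m owner --gid-owner 12 -j RETURN
-A SMTP_OUT -j LOG --log-prefix "SMTP_OUT blocked: " --log-uid
-A SMTP_OUT -j REJECT --reject-with icmp-port-unreachable'
SAMPLE_FLUSHED='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT'

for s in "$SAMPLE_OK" "$SAMPLE_FLUSHED"; do
    rc=0
    printf '%s\n' "$s" | smtp_egress_locked || rc=$?
    echo "smtp_egress_locked returned $rc"
done
```

On a live host the check would be fed `iptables -S` as root. The LOG rule's UID field points at the account whose script attempted the connection, which is the information the first post says the Exim and Apache logs do not give.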