Can't enable SMTP Restrictions

bsmithcp

Member
Sep 5, 2013
12
0
1
cPanel Access Level
Website Owner
When I try to enable SMTP Restrictions I get the message:

"An error occurred attempting to update this setting."

Nothing shows in /usr/local/apache/logs/error_log and Google reveals nothing useful about this error message (it *might* be tied to iptables but I ran "yum update" just prior to installing cPanel).

A bit more info that may or may not matter:

The server is a Centos 64-bit VPS and everything else has gone great (this was actually the last thing on my short checklist of things to do).

I've also tried to set this in "Tweak Settings" but get the same result except that the error message is:

"There was an error updating Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak): "

I'd be grateful for any suggestions on what to check and/or do next. I was really surprised at how little a Google shows on this...it must not be that common of an error...

One other thing is that I'm on a trial license (if that could matter).
 
Last edited:

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Are you using a software firewall such as APF or CSF? If you use CSF, then SMTP_BLOCK in csf config should be used instead of the WHM SMTP Tweak.

The only other thing I can think of is your virtual machine is lacking the xt/ipt owner/state or other iptables module(s) used by SMTP Tweak / SMTP_BLOCK. Many virtuozzo / openVZ parents do not have the necessary kernel modules. Xen and KVM should be fine. You usually only run into this on very old VPS hosts.

From root shell, check:
Code:
lsmod |egrep -i 'owner|state'
If that doesn't return xt_owner and xt_state or ipt_owner / ipt_state, then your virtual machine is lacking the kernel modules needed for this. You'd have to ask your hosting provider to add them to the parent server, and most will not, as they'd have to reboot everyone's VPS on that parent to add the module(s).

Also, check /usr/local/cpanel/logs/error_log instead of the apache error log.
 

bsmithcp

Member
Sep 5, 2013
12
0
1
cPanel Access Level
Website Owner
You're a genius.

lsmod |egrep -i 'owner|state' returns zilch so that must be the problem.

This VPS is with server4you.com. What command can I run to see exactly what the parent is? I can't find any mention of xen/kvm/openvz/virtuozzo on their website regarding VPS.

Also, can I still run the software firewalls you mentioned?
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
You can still use CSF, but SMTP_BLOCK won't work. The rest of the firewall features, for the most part, will work just fine.

As far as figuring out what type of VPS it is, you'd likely have to ask your host what type of virtualization software they use and hope that they'll tell you. You can't always tell from the "child." Likely they're using OpenVZ or Virtuozzo if you're in this situation, as newer platforms usually don't have this issue. Again, if it is a VZ platform, the modules could be added to the parent server by them if they're willing to do it, but I don't know if that company would be. Good luck :)
 

bsmithcp

Member
Sep 5, 2013
12
0
1
cPanel Access Level
Website Owner
Thanks for all the help. You are a gentleman and a scholar (as we say Down South) and I'll just try a different provider.

I've been wanting to give DigitalOcean a whirl anyway -- or I might give you a try if you offer VPS service as I just noticed your sig says you are a dc provider. Post a link if you do.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
I'd give them a try, their prices look really good. I do work for a DC provider, but I'm pretty sure I'm not allowed to advertise on these forums. Anyway, glad I could help :)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

The following command is useful for anyone else that may experience this issue and see this thread:

Code:
/scripts/smtpmailgidonly on
This attempts to enable SMTP Restrictions via the command line, and will produce a more verbose error output. It's almost always the results of a lack of required kernel modules on VPS servers, as mentioned in the earlier posts.

Thank you.
 

bsmithcp

Member
Sep 5, 2013
12
0
1
cPanel Access Level
Website Owner
Hello :)

The following command is useful for anyone else that may experience this issue and see this thread:

Code:
/scripts/smtpmailgidonly on
This attempts to enable SMTP Restrictions via the command line, and will produce a more verbose error output. It's almost always the results of a lack of required kernel modules on VPS servers, as mentioned in the earlier posts.

Thank you.
Definitely more verbose. The output for me using this command was :

SMTP Mail protection has been disabled. All users may make smtp connections.
There was a problem setting up iptables. You either have an older kernel or a broken iptables install, or ipt_owner could not be loaded.
 

delalibera

Member
Jan 6, 2014
20
0
1
cPanel Access Level
Reseller Owner
Hello everybody!

I'm having the same problem, when I try to enable SMTP restrictions the error is displayed "An error occurred attempting to update this setting."

When I run the "/scripts/smtpmailgidonly on" is showed the following error

This attempts to enable SMTP Restrictions via the command line, and will produce a more verbose error output. It's almost always the results of a lack of required kernel modules on VPS servers, as mentioned in the earlier posts.

What should I do to fix this?

Thank you.
 

delalibera

Member
Jan 6, 2014
20
0
1
cPanel Access Level
Reseller Owner
I'm sorry, this is the error:

SMTP Mail protection has been disabled. All users may make smtp connections.
There was a problem setting up iptables. You either have an older kernel or a broken iptables install, or ipt_owner could not be loaded.

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
What should I do to fix this?
If you only have an instance (VM) on the server, there is most likely nothing you can do yourself. Most servers lacking the kernel modules for smtp tweak / SMTP_BLOCK have their modules managed via the parent server and not directly on the instance. Your data center provider would have to add the necessary kernel modules through the parent server which controls your VM, and most providers aren't willing to do this since they'd have to reboot the server thus rebooting everyone else on your parent server.

Newer VPS virtualization technologies like xen and KVM typically don't have this problem like virtuozzo / OpenVZ do. In other words, you may want to look at changing hosting providers if they can't (or more accurately won't) add the kernel modules.