The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can't enable SMTP Restrictions

Discussion in 'Security' started by bsmithcp, Sep 9, 2013.

  1. bsmithcp

    bsmithcp Member

    Joined:
    Sep 5, 2013
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    When I try to enable SMTP Restrictions I get the message:

    "An error occurred attempting to update this setting."

    Nothing shows in /usr/local/apache/logs/error_log and Google reveals nothing useful about this error message (it *might* be tied to iptables but I ran "yum update" just prior to installing cPanel).

    A bit more info that may or may not matter:

    The server is a Centos 64-bit VPS and everything else has gone great (this was actually the last thing on my short checklist of things to do).

    I've also tried to set this in "Tweak Settings" but get the same result except that the error message is:

    "There was an error updating Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak): "

    I'd be grateful for any suggestions on what to check and/or do next. I was really surprised at how little a Google shows on this...it must not be that common of an error...

    One other thing is that I'm on a trial license (if that could matter).
     
    #1 bsmithcp, Sep 9, 2013
    Last edited: Sep 9, 2013
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Are you using a software firewall such as APF or CSF? If you use CSF, then SMTP_BLOCK in csf config should be used instead of the WHM SMTP Tweak.

    The only other thing I can think of is your virtual machine is lacking the xt/ipt owner/state or other iptables module(s) used by SMTP Tweak / SMTP_BLOCK. Many virtuozzo / openVZ parents do not have the necessary kernel modules. Xen and KVM should be fine. You usually only run into this on very old VPS hosts.

    From root shell, check:
    Code:
    lsmod |egrep -i 'owner|state'
    If that doesn't return xt_owner and xt_state or ipt_owner / ipt_state, then your virtual machine is lacking the kernel modules needed for this. You'd have to ask your hosting provider to add them to the parent server, and most will not, as they'd have to reboot everyone's VPS on that parent to add the module(s).

    Also, check /usr/local/cpanel/logs/error_log instead of the apache error log.
     
  3. bsmithcp

    bsmithcp Member

    Joined:
    Sep 5, 2013
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    You're a genius.

    lsmod |egrep -i 'owner|state' returns zilch so that must be the problem.

    This VPS is with server4you.com. What command can I run to see exactly what the parent is? I can't find any mention of xen/kvm/openvz/virtuozzo on their website regarding VPS.

    Also, can I still run the software firewalls you mentioned?
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You can still use CSF, but SMTP_BLOCK won't work. The rest of the firewall features, for the most part, will work just fine.

    As far as figuring out what type of VPS it is, you'd likely have to ask your host what type of virtualization software they use and hope that they'll tell you. You can't always tell from the "child." Likely they're using OpenVZ or Virtuozzo if you're in this situation, as newer platforms usually don't have this issue. Again, if it is a VZ platform, the modules could be added to the parent server by them if they're willing to do it, but I don't know if that company would be. Good luck :)
     
  5. bsmithcp

    bsmithcp Member

    Joined:
    Sep 5, 2013
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Thanks for all the help. You are a gentleman and a scholar (as we say Down South) and I'll just try a different provider.

    I've been wanting to give DigitalOcean a whirl anyway -- or I might give you a try if you offer VPS service as I just noticed your sig says you are a dc provider. Post a link if you do.
     
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I'd give them a try, their prices look really good. I do work for a DC provider, but I'm pretty sure I'm not allowed to advertise on these forums. Anyway, glad I could help :)
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The following command is useful for anyone else that may experience this issue and see this thread:

    Code:
    /scripts/smtpmailgidonly on
    This attempts to enable SMTP Restrictions via the command line, and will produce a more verbose error output. It's almost always the results of a lack of required kernel modules on VPS servers, as mentioned in the earlier posts.

    Thank you.
     
  8. bsmithcp

    bsmithcp Member

    Joined:
    Sep 5, 2013
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Definitely more verbose. The output for me using this command was :

    SMTP Mail protection has been disabled. All users may make smtp connections.
    There was a problem setting up iptables. You either have an older kernel or a broken iptables install, or ipt_owner could not be loaded.
     
  9. bsmithcp

    bsmithcp Member

    Joined:
    Sep 5, 2013
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Check your PMs.
     
  10. delalibera

    delalibera Member

    Joined:
    Jan 6, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hello everybody!

    I'm having the same problem, when I try to enable SMTP restrictions the error is displayed "An error occurred attempting to update this setting."

    When I run the "/scripts/smtpmailgidonly on" is showed the following error

    This attempts to enable SMTP Restrictions via the command line, and will produce a more verbose error output. It's almost always the results of a lack of required kernel modules on VPS servers, as mentioned in the earlier posts.

    What should I do to fix this?

    Thank you.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It looks like your error message was not included in your post. Could you please provide it?

    Thank you.
     
  12. delalibera

    delalibera Member

    Joined:
    Jan 6, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I'm sorry, this is the error:

    SMTP Mail protection has been disabled. All users may make smtp connections.
    There was a problem setting up iptables. You either have an older kernel or a broken iptables install, or ipt_owner could not be loaded.

    Thank you.
     
  13. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    If you only have an instance (VM) on the server, there is most likely nothing you can do yourself. Most servers lacking the kernel modules for smtp tweak / SMTP_BLOCK have their modules managed via the parent server and not directly on the instance. Your data center provider would have to add the necessary kernel modules through the parent server which controls your VM, and most providers aren't willing to do this since they'd have to reboot the server thus rebooting everyone else on your parent server.

    Newer VPS virtualization technologies like xen and KVM typically don't have this problem like virtuozzo / OpenVZ do. In other words, you may want to look at changing hosting providers if they can't (or more accurately won't) add the kernel modules.
     
Loading...

Share This Page