Configuration file for SMTP Tweak

[ozark]

I understand that with '/scripts/smtpmailgidonly on' I can block outgoing smtp connection for anyone but
root, cpanel, mail and mailman.

The script seems to read a configuration file at '/var/cpanel/smtpmailgidonly/conf.yaml'.

What do I need to write into that conf.yaml file
(1) to add another user that would not be blocked?
(2) to add another port that would be blocked.

Please provide an example.

 

[quizknows]

I don't see anything in that conf on my server with SMTP tweak on.

I've had to occasionally add trusted users for this type of setup, but I do so with SMTP_BLOCK in CSF in place of SMTP Tweak. This is because the csf.conf is easily customizeable to whitelist other users for SMTP connections.

 

[ozark]

Thanks for the reply.

Switching to CSF might be a solution if all else fails.

I am using APF for years and the SMTP Tweak works great with it.

The code of '/scripts/smtpmailgidonly on' which turns the SMTP Tweak on reads a cofiguration file at
'/var/cpanel/smtpmailgidonly/conf.yaml' where you can add users and port.

All I need is the correct syntax for entries in that file.

 

[cPanelMichael]

Hello

The entry you are referring to in /scripts/smtpmailgidonly is:

# for future expension
if ( -e '/var/cpanel/smtpmailgidonly/conf.yaml' ) {
    print "Loaded custom smtpmailgidonly/conf.yaml\n";
    require Cpanel::CPAN::YAML::Syck;
    my $cfg = YAML::Syck::LoadFile('/var/cpanel/smtpmailgidonly/conf.yaml');
    push @PORTS, @{ $cfg->{'PORTS'} } if exists $cfg->{'PORTS'};
    push @RULES, @{ $cfg->{'RULES'} } if exists $cfg->{'RULES'};
}

I will leave this thread open for others to add input, but I have not been able to find any templates for you to use with this file, or documentation that supports it's use. It's likely that using CSF will be the easier route here.

Thank you.

 

[cPanelKenneth]

/var/cpanel/smtpmailgidonly/conf.yaml was added for a feature that was never completed.

 

[ozark]

Thank you very much for your answers.

I went ahead and removed APF firewall and installed CSF/LFD, with which it is indeed quite easy to allow additional users to make direct smtp connections.

 

[JerryJ.]

Howdy,

During the course of a ticket I discovered this format.

As Kenneth said, this feature was not completed, and may be removed at any time.

However since the point of the forums include unsupported configurations, I am sharing the syntax.

root@server2 [~]# cat /var/cpanel/smtpmailgidonly/conf.yaml
---
  RULES:
    -
      type: "uid"
      value: 500
      name: "jerry"

As far as I can tell, valid options include the following:

Type: uid, guid
value: value to match against
name: presumably the name for the user or group
args: UNSURE, it is in use for the cpanel user, however I am unsure of its usage.

I would like to reiterate again that this was never intended for production, and as such may be removed at any time.

If you don't know YAML files that well, I suggest using PHP to make an array, convert it to JSON, then convert it to YAML.

Here is how I did so:

codepad

Code:

<?php
$ar = array("RULES"=>array(array("type"=>'uid','value'=>500,'name'=>"jerry")));
echo json_encode($ar);

I then went to Convert JSON to YAML Online and in every language and converted it to YAML.

Thanks!

 

[ozark]

Thank you for providing details about this experimental feature.

You confirm that this could be removed any time and I have moved on to CSF, but it is always interesting to get more information about the inner workings of cpanel files, experimental or not.

 

[JerryJ.]

No problem!

I am glad I could provide this information. It's actually good to know, as it's just something else I know about the product. :D