Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel and LFD/CSF SMTP restrictions?

Discussion in 'Security' started by david364, Mar 27, 2018.

  1. david364

    david364 Active Member

    Sep 15, 2013
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Reseller Owner
    As I understand it, cPanel and LFD both offer SMTP (outgoing) email restrictions to prevent malicious scripts from sending email via weird system users such as "nobody". This is a very important feature to prevent spamming/viruses/malware, yet I haven't found an explanation for why it is supported both in cPanel and LFD (if it is). As a server beginner, this confuses me.

    Should the cPanel TWEAK be enabled or disabled when LFD is running? Is there a similar feature in LFD, and how can I find it?

    Recently, when I upgraded LFD (due to seeing an upgrade needed notice that I chanced upon when looking at the LFD management interface, because apparently LFD can't automatically update itself the way cPanel does), I saw a notice from LFD that said that the cPanel TWEAK for smtp should be turned OFF. I did this, but now I'm worried that I have less protection. I can't find this TWEAK in LFD.

    What should I do, and why? (Optional: why doesn't the systems software just do the right thing automatically to provide correct protection automatically, and only require intervention and understanding from users who want a less secure environment?)
  2. rpvw

    rpvw Well-Known Member

    Jul 18, 2013
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    This is in the CSF > Firewall Configuration > SMTP Settings > SMTP_BLOCK
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Gino Viroli likes this.
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    Keep in mind that CSF/LFD is a third-party application and isn't something that's developed or included by default with cPanel & WHM. Often times third-party developers will make applications such as CSF to improve or add additional features that aren't natively included with the product.

    As far as why the "SMTP Restrictions" feature is disabled by default, it's because scripts uploaded to websites will often connect to remote mail servers for the purpose of sending email. It's up to the administrator to determine if they want a more strict environment for sending emails. Here's a document you may find helpful if you'd like to know additional methods to prevent email abuse:

    How to Prevent Email Abuse - cPanel Knowledge Base - cPanel Documentation

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice