Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CSF blocks email every few weeks and needs a restart

Discussion in 'E-mail Discussion' started by Tony Raspie, Jan 22, 2019.

  1. Tony Raspie

    Tony Raspie Registered

    Joined:
    Jan 22, 2019
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Hi folks,

    We have a really unusual intermittent issue that is driving us crazy. We have a number of clients using O365 mail service for sending mail from their WordPress websites. We have a plug-in installed that sends and logs emails via SMTP to office 365 (Post SMTP aka postman) The plug-in is OK with diagnostic information and when this issue occurs, we can deduce that when it drops out the mail is redirected locally to the WHM server to send using Exim (instead of o365 remotely as its been set up). This is a significant issue as the email account doesn’t exist and as such the emails are not sent.

    We have been able to work out that CSF is the cause of the redirection. If CSF is disabled, the redirection doesn’t occur and everything works as it should. If we restart CSF, the issue is resolved, however returns after a few days (we haven’t been able to zero in on an exact timeframe, however it seems to be random, but so far not more than 14 days). Once it starts redirecting, it continues to redirect until restarted (without any changes to the configuration). This is happening across three different web servers at different intervals.

    We have confirmed (both through WHM UI and SSH to csf.conf):

    -SMTP block is disabled
    -All mail ports are included in TCP_OUT
    -All mail ports are included in TCP6_OUT
    -SMTP_Redirect is disabled

    There is no reason we can determine why CSF would be initiating a redirect, however it is definitely the cause of the redirect.

    Have any of you encountered something like this, or able to give us a hint on where to start investigating?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,909
    Likes Received:
    484
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    CSF should be alerting you to a block, what does that alert say about it?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Tony Raspie

    Tony Raspie Registered

    Joined:
    Jan 22, 2019
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    As above no alerts - after a period of time mail is redirected locally to the WHM server to send using Exim (instead of o365 remotely as its been set up). a csr -r sorts it all out as it should be.
     
  4. Tony Raspie

    Tony Raspie Registered

    Joined:
    Jan 22, 2019
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Weird one it would seem?! We are happy to reach out and pay a guru but would like to try and localise the issue - any ideas?
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Tony Raspie


    I've been using CSF for a number of years and never experienced this behavior. Since you've been able to deduce that it is in fact the source of the issue it might be best to bring this up in their forums as well to see if they have any insight to what would cause the behavior - ConfigServer Community Forum - Index page


    You might also try looking at what's present in /var/log/messages at the time which mail begins to get redirected.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice