CSF blocks email every few weeks and needs a restart

Tony Raspie

Registered
Jan 22, 2019
3
0
1
Australia
cPanel Access Level
Root Administrator
Hi folks,

We have a really unusual intermittent issue that is driving us crazy. We have a number of clients using O365 mail service for sending mail from their WordPress websites. We have a plug-in installed that sends and logs emails via SMTP to office 365 (Post SMTP aka postman) The plug-in is OK with diagnostic information and when this issue occurs, we can deduce that when it drops out the mail is redirected locally to the WHM server to send using Exim (instead of o365 remotely as its been set up). This is a significant issue as the email account doesn’t exist and as such the emails are not sent.

We have been able to work out that CSF is the cause of the redirection. If CSF is disabled, the redirection doesn’t occur and everything works as it should. If we restart CSF, the issue is resolved, however returns after a few days (we haven’t been able to zero in on an exact timeframe, however it seems to be random, but so far not more than 14 days). Once it starts redirecting, it continues to redirect until restarted (without any changes to the configuration). This is happening across three different web servers at different intervals.

We have confirmed (both through WHM UI and SSH to csf.conf):

-SMTP block is disabled
-All mail ports are included in TCP_OUT
-All mail ports are included in TCP6_OUT
-SMTP_Redirect is disabled

There is no reason we can determine why CSF would be initiating a redirect, however it is definitely the cause of the redirect.

Have any of you encountered something like this, or able to give us a hint on where to start investigating?
 

Tony Raspie

Registered
Jan 22, 2019
3
0
1
Australia
cPanel Access Level
Root Administrator
As above no alerts - after a period of time mail is redirected locally to the WHM server to send using Exim (instead of o365 remotely as its been set up). a csr -r sorts it all out as it should be.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @Tony Raspie


I've been using CSF for a number of years and never experienced this behavior. Since you've been able to deduce that it is in fact the source of the issue it might be best to bring this up in their forums as well to see if they have any insight to what would cause the behavior - ConfigServer Community Forum - Index page


You might also try looking at what's present in /var/log/messages at the time which mail begins to get redirected.