csf firewall blocking countries - How can I allow outbound connections to email providers

harmonypersechino5348

Active Member
Dec 6, 2020
32
3
8
NA
cPanel Access Level
Website Owner
Hello,

My csf firewall has CC_DENY = enabled blocking countries like China & Russia however I am wondering will that block email providers using servers in CN/RU too? I have users who may have email providers in China/Russia that I need to get delivered to so how can I allow those?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,493
1,009
313
cPanel Access Level
Root Administrator
Hey there! If you are blocking the entire country code, it would block all traffic that the firewall tools detect as coming from that region. You would need to unblock the country code or allow specific IPs in the whitelist if you need to allow access to the mail server.
 

harmonypersechino5348

Active Member
Dec 6, 2020
32
3
8
NA
cPanel Access Level
Website Owner
Hey there! If you are blocking the entire country code, it would block all traffic that the firewall tools detect as coming from that region. You would need to unblock the country code or allow specific IPs in the whitelist if you need to allow access to the mail server.
They wont need access but I would need to connect to smtp.gmail.com for example. Is there no easy way other than manually adding each of their IPs to the whitelist? If anyone has a list of all major email providers IPs please share.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,493
1,009
313
cPanel Access Level
Root Administrator
I guess I'm not sure I understand the situation. I would not expect any of the Gmail servers to get processed through those two countries, as Google is officially blocked in China. Anyone sending messages to your server from Gmail would likely not be going through either of those two countries.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,493
1,009
313
cPanel Access Level
Root Administrator
Ah, I see what you mean now. That's the correct behavior then, and you'd have to whitelist the individual IPs. You could also consider whitelisting the hostname of the connection as well, as outlined here:


Please note that cPanel is not affiliated with the CSF tools in any way, as they are completely a third-party product.