CSF Firewall Greylisting Problem

LBJ

Well-Known Member
Nov 1, 2003
85
5
158
cPanel Access Level
DataCenter Provider
G'day All,

We recently replaced APF with CSF and it's working perfectly with one weird exception.

We're unable to send mail to a particular server which has greylisting implemented, unless we drop the firewall. No matter how many times we retry while the firewall is up, we get...


Connecting to mta.xtra.co.nz [210.54.141.1]:25 ... connected
LOG: MAIN
mta.xtra.co.nz [210.54.141.1]: Connection reset by peer
LOG: MAIN
== *********@xtra.co.nz <*****@************.com> R=lookuphost T=remote_smtp defer (104): Connection reset by peer: mta.xtra.co.nz [210.54.141.1]
LOG: MAIN
== **********@xtra.co.nz <****@*************.com> R=lookuphost T=remote_smtp defer (104): Connection reset by peer: mta.xtra.co.nz [210.54.141.1]


However, if we drop the firewall, the mail will go on the second attempt as would be expected. This happens every time.

If you run a test on xtra.co.nz at...

http://www.dnsreport.com/tools/dnsreport.ch?domain=xtra.co.nz

...it's clear they're doing things a little oddly, but the fact remains that we should be able to work with them if we can figure out what CSF does to stop the greylisting negotiation they're using.

If anyone has any ideas, we'd love to hear them. A copy of our CSF config is below.

Thanks for any thoughts.

Best Regards,

LBJ

----------

TESTING = "0"

TESTING_INTERVAL = "5"

AUTO_UPDATES = "0"

ETH_DEVICE = ""

ETH_DEVICE_SKIP = ""

TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2082,2083,2086,2087,2095,2096"

TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"

UDP_IN = "20,21,53,953,,33434:33523"

UDP_OUT = "20,21,53,113,123,873,953,6277,33434:33523"

ICMP_IN = "1"

ICMP_OUT = "1"

SMTP_BLOCK = "0"

SMTP_ALLOWLOCAL = "0"

MONOLITHIC_KERNEL = "0"

DROP_LOGGING = "1"

DROP_IP_LOGGING = "0"

DROP_ONLYRES = "0"

DROP_NOLOG = "67,68,111,113,135:139,445,513,520,1026,1027,1234,1433,1434,1524,3127"

PACKET_FILTER = "1"

DROP_PF_LOGGING = "0"

VERBOSE = "1"

DYNDNS = "0"

RELAYHOSTS = "0"

ALLOW_RES_PORTS = "1"

DENY_IP_LIMIT = "100"

GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
LF_GLOBAL = ""

LF_DAEMON = "1"

LF_TRIGGER = "20"

LF_SELECT = "0"

LF_SSHD = "1"

LF_FTPD = "1"

LF_POP3D = "0"

LF_IMAPD = "0"

LF_HTACCESS = "0"

LF_MODSEC = "0"

LF_CPANEL = "1"

LF_CSF = "1"

LF_SSH_EMAIL_ALERT = "1"

LF_SU_EMAIL_ALERT = "1"

LF_SCRIPT_ALERT = "0"

LF_SCRIPT_LIMIT = "100"

LF_SCRIPT_PERM = "0"

LF_DIRWATCH = "60"

LF_DIRWATCH_DISABLE = "0"

LF_DIRWATCH_FILE = "0"

LF_INTERVAL = "300"

LF_PARSE = "5"

LF_EMAIL_ALERT = "1"

LT_EMAIL_ALERT = "1"

LT_POP3D = "60"

LT_IMAPD = "0"

LF_DSHIELD = "0"

LF_DSHIELD_URL = "http://feeds.dshield.org/block.txt"

LF_SPAMHAUS = "0"

LF_SPAMHAUS_URL = "http://www.spamhaus.org/drop/drop.lasso"

CT_LIMIT = "0"

CT_INTERVAL = "60"

CT_EMAIL_ALERT = "1"

CT_PERMANENT = "0"

CT_BLOCK_TIME = "1800"

PT_LIMIT = "60"

PT_INTERVAL = "60"

PT_SKIP_HTTP = "1"

PT_USERPROC = "0"

PT_SMTP = "0"

IPTABLES = "/sbin/iptables"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
NETSTAT = "/bin/netstat"
PS = "/bin/ps"
FUSER = "/sbin/fuser"
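
An added example, not part of the original post and not CSF's own code: a small Python audit of the port lists in the config above. It flags malformed list entries (such as the empty item in UDP_IN) and ports that are allowed outbound, closed inbound and listed in DROP_NOLOG, so inbound drops on them never appear in the firewall log. It assumes the KEY = "value" format and a:b port ranges shown in the post; the function names are hypothetical, and the output is a list of places to look, not a diagnosis of the reset.

```python
import re

# Constructed sample: the port settings copied from the config posted above.
SAMPLE_CONF = '''
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2082,2083,2086,2087,2095,2096"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
UDP_IN = "20,21,53,953,,33434:33523"
UDP_OUT = "20,21,53,113,123,873,953,6277,33434:33523"
DROP_NOLOG = "67,68,111,113,135:139,445,513,520,1026,1027,1234,1433,1434,1524,3127"
'''

PORT_KEYS = ("TCP_IN", "TCP_OUT", "UDP_IN", "UDP_OUT", "DROP_NOLOG")

def parse_conf(text):
    """Return {KEY: value} for every line of the form KEY = "value"."""
    return dict(re.findall(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', text, re.M))

def parse_ports(value):
    """Expand "25,135:139" to a set of ints; return (ports, malformed_items)."""
    ports, bad = set(), []
    for item in (value.split(",") if value.strip() else []):
        m = re.fullmatch(r"\s*(\d+)(?::(\d+))?\s*", item)
        lo = int(m.group(1)) if m else 0
        hi = int(m.group(2) or lo) if m else 0
        if not 0 < lo <= hi <= 65535:
            bad.append(item)  # empty entry, reversed range or non-numeric text
            continue
        ports.update(range(lo, hi + 1))
    return ports, bad

def audit(text):
    """Report malformed entries and inbound ports that are dropped unlogged."""
    conf = parse_conf(text)
    parsed = {k: parse_ports(conf[k]) for k in PORT_KEYS if k in conf}
    malformed = {k: bad for k, (_, bad) in parsed.items() if bad}
    ports = {k: parsed.get(k, (set(), []))[0] for k in PORT_KEYS}
    silent = {}
    for proto in ("TCP", "UDP"):
        # Heuristic: the host uses the port outbound but refuses it inbound.
        closed_in = ports[proto + "_OUT"] - ports[proto + "_IN"]
        silent[proto] = sorted(closed_in & ports["DROP_NOLOG"])
    return {"malformed": malformed, "silent_inbound": silent}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

To watch drops on a flagged port while reproducing the problem, remove that port from DROP_NOLOG temporarily so DROP_LOGGING records it.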
 

LBJ

I have posted there now.

Thanks for that.

It's weird though. It's happening every day and the only way to force the mail to go to that one domain is to drop CSF and resend the mail. On the second attempt with CSF down, off it goes. It's on two servers too.

Hopefully someone over at your scripts forum will have an idea. I'm sort of glad it's not just me it's happening to.