CSF/LFD blocking mail sent on online web form via SMTP

[adeyjones]

Hi guys

I have online forms on a website which I set to send via SMTP due to the recipients mail security blocking phpmailer emails, they were all working perfectly.

Thursday evening I enabled CSF and have only just noticed that none of the emails are getting through, theres no record of them at all via WHM mail delivery reports.

I have just used tail -f /var/log/messages to watch the log file while I send a few tests and this is what is coming up:

Dec 19 18:08:12 server kernel: Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=aaa.aaa.aaa.aaa DST=bbb.bbb.bbb.bbb LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48016 DF PROTO=TCP SPT=52174 DPT=465 WINDOW=26883 RES=0x00 SYN URGP=0 UID=1007 GID=1009
Dec 19 18:08:13 server kernel: Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=aaa.aaa.aaa.aaa DST=bbb.bbb.bbb.bbb LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48017 DF PROTO=TCP SPT=52174 DPT=465 WINDOW=26883 RES=0x00 SYN URGP=0 UID=1007 GID=1009

aaa.aaa.aaa.aaa is apparently one of the servers IP, and bbb.bbb.bbb.bbb is the elastic IP of my AWS EC2 instance (the server of my host).

I tried to whitelist aaa.aaa.aaa.aaa as I had never seen that IP before but it says failed as it is one of the server IPs.

Any idea where I go from here?

 

[adeyjones]

It turns out I didn't have port 465 in my TCP_OUT and 67 in UDP_OUT so they were being blocked, added these and they're now going through.

Just to note, I find this very strange considering cPanel tells users to use port 465 for SSL, and 587 (which is supposedly the new default and what should be used, is also in TCP_OUT) is the non-ssl not recommended port to use - does something need updating in cPanel here?

 

[cPRex]

Hey hey!

cPanel doesn't control or manage CSF, so there isn't anything we can do on our side for that. If you think the default behavior of CSF should be changed I'd recommend bringing this up on their forums at ConfigServer Community Forum - Index page as they are also active on there and will see your request.

 

[adeyjones]

Thanks, have registered and posted about this, because it basically means that if you're advising users to use recommended SSL settings (port 465) then they wont be able to send any mail if they have ConfigServer installed unless they manually add port 465 in to the TCP_OUT allows, a lot of people wont be aware of this issue.