SOLVED Greylist and smtp block issue

[Spirogg]

Hello,

ok so I have my own server running centos7 and cPanel 94
I had setup csf and was using my own cPanel email smtp to send emails on one of my sites. Seems my isp has some bad ip’s (not mine) but they are getting rejected @outlook as spam because Microsoft banned the whole ip block of my isp
So I opted to use postmarkapp.com for email service. But with SMTP_BLOCK
ON, the emails don’t work. if I turn that off it works. Any work around so it’s not off for all domains on my server and can add my one domain to the ok list or another way to get emails to work. Using port 25 or 587 without sacrificing server safety. I want to have safe measures but also want my emails to work.

Another issue I’m seeing is all emails are on greylist. all my emails from my site are added to greylist now, and wait time to send is around 20-30 mins. How to avoid greylist. There is not 1 ip but many ip’s postmarkapp sends from so trying to get a list from them is not possible to whitelist.
Is it safe to turn off greylist or if I check mark allow emails with good spf will this still be safe? Or another way to make sure all emails from my domain are not added to greylist ?

no one else is using this server. All domains belong to me just FYI.

Thanks so much for any help
Spiro

 

[cPRex]

Hey there! For the first question, that would best be handled by the CSF support team directly, although a quick search didn't show a way to have one domain bypass the SMTP_BLOCK setting. it is recommended to use the CSF tools if you have that installed over the WHM tools as outlined here:

SMTP Restrictions (WHM) versus SMTP_BLOCK (CSF)

Overview When attempting to secure your server against spam,you might consider enabling the SMTP Restrictions option in WHM or if you have the third-party ConfigServer Security & Firewall (CSF)...

support.cpanel.net

I'm not clear on if your greylist question is regarding outgoing email or mail coming in to the server. If it is inbound messages you could turn off greylisting or add the IP address to the Trusted Hosts section in WHM >> Greylisting. If this is for outbound messages getting stuck in remote greylists, you'd have to contact that remote provider to see what the issue could be there.

 

[Spirogg]

not clear on if your greylist question is regarding outgoing email or mail coming in to the server

Ok so I use postmarkapp for emails outgoing from my website script. It’s a forum using xenforo like you guys use here. But when I get emails sent to [email protected] as a reply from someone it gets stuck in greylist.
so I’m trying to avoid that.
PS. There are multiple ips that send email it’s not just 1 IP from postmarkapp email service. So I’d rather turn it off for that domain that I’m using xenforo on. Can I turn it off safely in cPanel vs WHM so it won’t affect my other domains
As I said all domains are mine on this server.
tha is so much.

 

[Spirogg]

@cPRex

ok just an update I got the ip ranges that send email from my email service.
So I added the blocks to the greylist and all is fine there.
- So my question regarding SMTP BLOCK
Can I add those IP blocks to the allow list and turn on SMTP. Either WHM or CSF
There has to be a way to allow an IP block and port - yes?
If so what would the line be
Example 1.1.1.25/27 port 25 in the allow list

how can I accomplish this in csf I know you don’t support but I think this would solve my issue when I have csf smtp_block on

maybe not sure but hoping this would be it

thanks if you or anyone can asssit.
Spiro

 

[cPRex]

SMTP_BLOCK itself doesn't have any values except on or off. Do you also have this option enabled?

# If SMTP_BLOCK is enabled but you want to allow local connections to port 25
# on the server (e.g. for webmail or web scripts) then enable this option to
# allow outgoing SMTP connections to the loopback device
SMTP_ALLOWLOCAL = "1"

 

[Spirogg]

SMTP_BLOCK itself doesn't have any values except on or off. Do you also have this option enabled?

# If SMTP_BLOCK is enabled but you want to allow local connections to port 25
# on the server (e.g. for webmail or web scripts) then enable this option to
# allow outgoing SMTP connections to the loopback device
SMTP_ALLOWLOCAL = "1"

Yes it’s on enabled. And still it won’t allow postmarkapp mail to be sent for xenforo notifications.
example smtp_block is on
Smtp_allowlocal is on
But when I try to private message someone in xenforo it shows can’t send error because port 25 is blocked
But if I turn off smtp_block it will allow for Xenforo script to send emails.
- that’s why I was hoping to allow the ip’s blocks from the mail service to port 25 and it might work. ?

 

[cPRex]

I did some more reading on this and found the “SMTP_ALLOWUSER” or “SMTP_ALLOWGROUP” options, which should let you bypass the SMTP_BLOCK feature on the system for the certain users you allow. Can you test that?

 

[Spirogg]

I did some more reading on this and found the “SMTP_ALLOWUSER” or “SMTP_ALLOWGROUP” options, which should let you bypass the SMTP_BLOCK feature on the system for the certain users you allow. Can you test that?

@cPRex - Y O U A R E T H E B. E. S. T.

That worked. I added to SMTP_ALLOWUSER the user account of the domain there was only cPanel in that field, so I added cPanel,mydomainsuseraccount
then saved and restarted and tried again in XenForo script to reply to someone in a conversation and it sent the email notification...


YOU my friend are the best .. thank you so so much I wish I could donate to you for always helping us... if you have a donate button I would be more than happy to donate..



Kind Regards,
Spiro

 

[cPRex]

You're very welcome!!!!