The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Outbound SMTP connections are unrestricted

Discussion in 'E-mail Discussions' started by kers7754, Jul 22, 2014.

  1. kers7754

    kers7754 Active Member

    Joined:
    Jan 13, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Using csf, I set this option: SMTP_BLOCK

    .. but doing so means that my wordpress sites that use google's smtp to send email stop working.

    If I remove that block, every thing works fine.

    What is the correct way to enable websites to send email through SMTP servers without opening my server up to the probability of email abuse? Should wordpress and joomla sites be using phpmail or sendmail?
     
  2. Echelon17

    Echelon17 Well-Known Member

    Joined:
    May 21, 2006
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    That is exactly the purpose of the SMTP_BLOCK feature - to stop scripts sending mail through external servers (such as Gmail). It is working exactly as intended. Since CSF is not part of cPanel I'd recommend contacting the script developer(s) directly for further assistance.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,764
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I believe you can utilize the "SMTP_ALLOWUSER" rule to allow specific users to circumvent the restriction implemented by CSF. You may want to post on the CSF support forums for clarifications on the best way to exclude certain users or mail servers.

    Thank you.
     
  4. kers7754

    kers7754 Active Member

    Joined:
    Jan 13, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    I assumed that using an external SMTP that you had to authenticate to was the most secure way to protect against email abuse.

    So should all email go through phpmail (MTA)? I guess if it does, it can be monitored.
     
  5. Echelon17

    Echelon17 Well-Known Member

    Joined:
    May 21, 2006
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    That's the point of the SMTP_BLOCK feature, to prevent people bypassing local mail restrictions by sending mail through a third party or external server directly. Authentication to the third party service does not make this secure at all, and chances are you won't even know mail is being sent out this way.

    If you want full control over all of your servers outbound e-mail you should enable this option. Please only do so if you are aware of what it does and how it will affect you. If in doubt, contact Configserver for more information.
     
Loading...

Share This Page