Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Outbound SMTP connections are unrestricted

Discussion in 'E-mail Discussion' started by kers7754, Jul 22, 2014.

  1. kers7754

    kers7754 Active Member

    Joined:
    Jan 13, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    56
    Using csf, I set this option: SMTP_BLOCK

    .. but doing so means that my wordpress sites that use google's smtp to send email stop working.

    If I remove that block, every thing works fine.

    What is the correct way to enable websites to send email through SMTP servers without opening my server up to the probability of email abuse? Should wordpress and joomla sites be using phpmail or sendmail?
     
  2. Echelon17

    Echelon17 Well-Known Member

    Joined:
    May 21, 2006
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    156
    That is exactly the purpose of the SMTP_BLOCK feature - to stop scripts sending mail through external servers (such as Gmail). It is working exactly as intended. Since CSF is not part of cPanel I'd recommend contacting the script developer(s) directly for further assistance.
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,419
    Likes Received:
    1,956
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    I believe you can utilize the "SMTP_ALLOWUSER" rule to allow specific users to circumvent the restriction implemented by CSF. You may want to post on the CSF support forums for clarifications on the best way to exclude certain users or mail servers.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. kers7754

    kers7754 Active Member

    Joined:
    Jan 13, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    56
    I assumed that using an external SMTP that you had to authenticate to was the most secure way to protect against email abuse.

    So should all email go through phpmail (MTA)? I guess if it does, it can be monitored.
     
  5. Echelon17

    Echelon17 Well-Known Member

    Joined:
    May 21, 2006
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    156
    That's the point of the SMTP_BLOCK feature, to prevent people bypassing local mail restrictions by sending mail through a third party or external server directly. Authentication to the third party service does not make this secure at all, and chances are you won't even know mail is being sent out this way.

    If you want full control over all of your servers outbound e-mail you should enable this option. Please only do so if you are aware of what it does and how it will affect you. If in doubt, contact Configserver for more information.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice