Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Outgoing smtp connections, to local Exim

Discussion in 'E-mail Discussion' started by mikelsanz, Nov 20, 2017.

  1. mikelsanz

    mikelsanz Member

    Joined:
    May 23, 2013
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Hello! We have some hosts with Wordpress installs, with a plugin to change mail() function, to external SMTP gateway. From last upgrade to v.68, we can't use this, and all the outgoing smtp attempts, goes to local Exim, and not outside...

    Connection: opening to ssl://externalgateway:465, timeout=300, options=array ()
    Connection: Failed to connect to server. Error number 2. "Error notice: stream_socket_client(): Peer certificate CN=s3.localnameserver.xxx' did not match expected CN=mail.externalgateway.xxx'
    Connection: Failed to connect to server. Error number 2. "Error notice: stream_socket_client(): Failed to enable crypto
    Connection: Failed to connect to server. Error number 2. "Error notice: stream_socket_client(): unable to connect to ssl://externalgateway.xxx:465 (Unknown error)
    SMTP ERROR: Failed to connect to server: (0)

    -----------------------------

    smtp:none:plain://mail.externalgateway.xxx':587 <--- Calling to external gateway

    220-s3.example.com ESMTP Exim 4.89 #1 Mon, 20 Nov 2017 13:00:52 +0100
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    EHLO 185.162.171.12
    250-s3.localnameserver.xxx Hello XYZ.XYZ.XYZ.XYZ [XYZ.XYZ.XYZ.XYZ] <--- But connected to local Exim...
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
    AUTH PLAIN
    334
    AHdlYnNAZW52aW9zLjIwY29tdW5pY2FjaW9uLm5ldABzbXRwMjAxNCs=
    535 Incorrect authentication data
     
    #1 mikelsanz, Nov 20, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Can you verify if the "WHM Home » Security Center » SMTP Restrictions" feature is enabled on this system? If so, does disabling it solve the issue?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Nov 20, 2017
  3. Anas Ashfaq

    Anas Ashfaq Registered

    Joined:
    Jan 15, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Hello,

    Disabling the restrictions solves the issue but is that a recommended solution?

    Is there a way to enable the smtp restrictions and add an exception to the trust mail sending providers e.g. mailgun

    Thank you
     
    #3 Anas Ashfaq, Jan 15, 2018
  4. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    We don't provide a method at this time to make this option specific to users or outbound hosts; however, this is simply implemented through iptables UID/GID matches:
    Code:
    # iptables -nL|grep match
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587 owner GID match 992
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587 owner GID match 12
ACCEPT     tcp  --  0.0.0.0/0            127.0.0.1            multiport dports 25,465,587 owner UID match 202
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 25,465,587 owner UID match 0
    It shouldn't be difficult to apply manually, but this would also make a good feature request. I also believe CSF(ConfigServer Security and Firewall) provides this functionality.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPWilliamL, Jan 16, 2018
    kawasakai likes this.
  5. kawasakai

    kawasakai Active Member

    Joined:
    Sep 17, 2015
    Messages:
    31
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Germany
    cPanel Access Level:
    Root Administrator
    Hello,

    My current rule to allow reaching external SMTP servers for a certain user looks like:
    Code:
    iptables -t nat -I OUTPUT 5 -d 1.2.3.4 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 1036 -j RETURN
    Now I need some advice how to to apply this rule permanent, in in a way which doesn't disturb cPanels own ruleset.
     
    #5 kawasakai, Apr 10, 2018
    Last edited: Apr 10, 2018
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Have you considered using CSF to manage the firewall rules? CSF offers options that allow you to restrict SMTP similar to the SMTP Restrictions option in WHM, but with more control over specific users:

    ConfigServer Security & Firewall (csf)

    Or, you could simply use CSF to manage your own custom firewall rules to ensure they are preserved through restarts.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelMichael, Apr 10, 2018
(You must log in or sign up to post here.)
Loading...
Similar Threads - Outgoing smtp connections
  1. uk01

    SpamAssassin Outgoing Scan Causing Slow SMTP?

    uk01, Jul 13, 2018, in forum: E-mail Discussion
    Replies:
    13
    Views:
    212
    cPanelLauren
    Sep 17, 2018 at 7:53 AM
  2. madnoob2

    SOLVED Using a different outgoing SMTP via mailgun

    madnoob2, Apr 18, 2017, in forum: E-mail Discussion
    Replies:
    5
    Views:
    2,202
    cPanelMichael
    Apr 27, 2017
  3. Rogerio

    SOLVED EXIM Outgoing IPs Per Account?

    Rogerio, Sep 20, 2018 at 9:08 AM, in forum: E-mail Discussion
    Replies:
    4
    Views:
    60
    cPanelMichael
    Sep 21, 2018 at 8:42 AM
  4. Wemerson Guimaraes

    Detect and Stop Outgoing Spam?

    Wemerson Guimaraes, Sep 2, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    144
    cPanelMichael
    Sep 4, 2018
  5. sifos

    Forwarding outgoing e-mails?

    sifos, Aug 31, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    82
    cPanelMichael
    Aug 31, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice