Question about SMTP Tweak

Rogerio

Well-Known Member
Sep 26, 2016
78
15
8
Sao Paulo, Brazil
cPanel Access Level
Root Administrator
Hello,

when I use "SMTP Restrictions" tweak, it creates 4 rules on my Iptables, like:

Code:
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner 994 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner 12 -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 202 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner 0 -j ACCEPT
Searching for this on Google, someone commented "this is not enough, you have to create a REJECT rule after these four rules" and posted:

Code:
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
Makes sense, because INPUT and FORWARD has similar rules.

Please, can you confirm if this is true or not necessary?

Another point: I had to create manually the rules on my ip6tables file. My server has a IPv6 but it's not active. This is expected or cPanel does not create these rules on IPv6 Iptables file?

Thanks,
Rogerio
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello @Rogerio,

Searching for this on Google, someone commented "this is not enough, you have to create a REJECT rule after these four rules" and posted:
I've been unable to reproduce any problems with the functionality of this feature in terms of it producing the desired affect of blocking local users from making SMTP connections to remote SMTP Servers.

Another point: I had to create manually the rules on my ip6tables file. My server has a IPv6 but it's not active. This is expected or cPanel does not create these rules on IPv6 Iptables file?
The SMTP Restrictions feature is not currently designed to work with IPv6. We do have an internal case open to request support for IPv6 with this feature, but there's currently no time to offer on it's implementation. The case number is CPANEL-21141, and I'll update this thread with more information on it's status as it becomes available.

Thank you.
 
  • Like
Reactions: Rogerio
Thread starter Similar threads Forum Replies Date
T Email 2
keat63 Email 12
Drumrocker365 Email 29
M Email 2
J Email 5