Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SMTP Restrictions blocks authenticated mail

Discussion in 'E-mail Discussion' started by digitaliway, Dec 18, 2017.

Tags:
  1. digitaliway

    digitaliway Member

    Joined:
    Feb 17, 2015
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    when I have SMTP restrictions enabled then all my wordpress sites that have authenticated TLS email all fail and no email is being sent. if I turn off SMTP restrictions then all main will flow again. to be clear I have the same wordpress plugin on many sites and it is using a username and password authenticated account to send mail with TLS. everything worked great untill WHM upgraded and I had to choose SMTP restriction options. how can I enable restrictions but also all authenticated tls email??
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Is the plugin configured to authenticate via SMTP over a remote mail server? Or, is it using the local cPanel server (e.g. localhost, 127.0.0.1)?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. digitaliway

    digitaliway Member

    Joined:
    Feb 17, 2015
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    the plugin is configured to use an email account on a remote mail server using port 587 with tls. the mail account requires SMTP authentication.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    SMTP authentication attempts from scripts within an account to remote mail servers will fail when you enable "WHM >> SMTP Restrictions". You'd need to disable that option for those connections to succeed.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. dexus

    dexus Well-Known Member

    Joined:
    Jan 14, 2006
    Messages:
    170
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    Root Administrator
    Can you please explain why this feature block port 587?

    I understand that this this feature should block direct connections to other mail servers on port 25 to prevent someone to send spam directly to other SMTP servers and that is of course a good thing, but port 587 should always require authentication, so spammer can not really abuse other SMTP servers without authentication on that port, and even if he does abuse it that is a problem of that email provider that allowed abuse on authenticated mail submission port...

    So I would just like some cPanel's opinion about this, and why do you think that outbound port 587 should also be blocked by this feature?

    Thank you.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @dexus,

    The intent of the "SMTP Restrictions" feature is to deny users and services the ability to bypass your mail server to directly send mail, which is common practice for spammers. If a user configures their script to send out email via localhost (the cPanel server), then that should still work as expected.

    That's true, but it also can lead to the IP address of the sender (the cPanel server in this case) getting blacklisted or placed on SPAM lists because many email servers check both the IP address of the sending server and the IP address of the senders.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. digitaliway

    digitaliway Member

    Joined:
    Feb 17, 2015
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    The reason for using an actual authenticated account inside a script is to make the account accountable for the mail sending not the server it sits on. I think it should be the other way around restrict NON AUTHENTICATED email sending and only allow AUTHENTICATED mail sending with some functions for a white list and port list for servers we designate. currently I have this off so my clients can use their authenticated accounts which is better for delivery due to being authenticated with dns reverse lookup entries and SPF records etc.. but what if someone installs a script on my server and sends out non authenticated email by the thousands? do I then start restricting script sending? they can do this without being authenticated so how is this better?
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    I encourage you to open a feature request if you'd like to see a new option or an addition to the current option that considers if SMTP authentication is utilized by the script:

    Submit A Feature Request

    Note that for PHP scripts, you could add Mail to the disable_functions list in the PHP configuration file so that PHP scripts would need to use SMTP authentication to send out emails.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice