SMTP Restrictions blocks authenticated mail

digitaliway

When I have SMTP restrictions enabled, all my WordPress sites that use authenticated TLS email fail and no email is being sent. If I turn off SMTP restrictions, then all mail will flow again. To be clear, I have the same WordPress plugin on many sites, and it is using a username and password authenticated account to send mail with TLS. Everything worked great until WHM upgraded and I had to choose SMTP restriction options. How can I enable restrictions but also allow authenticated TLS email?
 

cPanelMichael

Administrator
Staff member
Hello,

Is the plugin configured to authenticate via SMTP over a remote mail server? Or, is it using the local cPanel server (e.g. localhost, 127.0.0.1)?

Thank you.
 

cPanelMichael

Hello,

SMTP authentication attempts from scripts within an account to remote mail servers will fail when you enable "WHM >> SMTP Restrictions". You'd need to disable that option for those connections to succeed.

Thank you.
 

dexus

Can you please explain why this feature blocks port 587?

I understand that this feature should block direct connections to other mail servers on port 25 to prevent someone from sending spam directly to other SMTP servers, and that is of course a good thing, but port 587 should always require authentication, so a spammer cannot really abuse other SMTP servers without authentication on that port, and even if he does abuse it, that is a problem of the email provider that allowed abuse on the authenticated mail submission port...

So I would just like cPanel's opinion about this: why do you think that outbound port 587 should also be blocked by this feature?

Thank you.
 

cPanelMichael

Hello @dexus,

The intent of the "SMTP Restrictions" feature is to deny users and services the ability to bypass your mail server to directly send mail, which is common practice for spammers. If a user configures their script to send out email via localhost (the cPanel server), then that should still work as expected.

"and even if he does abuse it that is a problem of that email provider that allowed abuse on authenticated mail submission port..."
That's true, but it also can lead to the IP address of the sender (the cPanel server in this case) getting blacklisted or placed on SPAM lists because many email servers check both the IP address of the sending server and the IP address of the senders.

Thank you.
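
A way to see the behaviour described in the replies above from inside an account, as an added example that is not part of the original thread or cPanel's own code: it probes the local MTA and a remote mail server on ports 25 and 587 and reports whether each connection was greeted, refused, or timed out. Run it as the account user rather than root; `smtp.example.com` is a placeholder for the plugin's configured mail server.

```python
import socket

def probe_smtp(host, port, timeout=5.0):
    """Return (status, banner) for a plain TCP connect to host:port.

    status is 'banner' (a 220 greeting arrived), 'refused' (actively
    rejected), 'timeout' (dropped, or no greeting) or 'error' (DNS etc.).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            lines = s.recv(1024).decode("ascii", "replace").splitlines()
            line = lines[0].strip() if lines else ""
            return ("banner" if line.startswith("220") else "error", line)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))

def greeted_by(banner, expected_host):
    """True if the 220 greeting names the server we meant to reach."""
    parts = banner[3:].lstrip("- ").split()
    return bool(parts) and parts[0].lower() == expected_host.lower()

def diagnose(remote_host, ports=(25, 587), timeout=5.0):
    """Probe localhost and the remote server on each port."""
    results = {}
    for port in ports:
        for host in ("127.0.0.1", remote_host):
            results[(host, port)] = probe_smtp(host, port, timeout)
    return results

if __name__ == "__main__":
    remote = "smtp.example.com"  # placeholder, not a value from the thread
    for (host, port), (status, banner) in diagnose(remote).items():
        note = ""
        if status == "banner" and host == remote and not greeted_by(banner, remote):
            note = "  <- greeting names a different host than requested"
        print(f"{host}:{port:<4} {status:8} {banner}{note}")
```

If the localhost rows show a greeting while the remote rows do not, the plugin's failures come from the outbound restriction rather than from its credentials or TLS settings.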
 

digitaliway

The reason for using an actual authenticated account inside a script is to make the account accountable for the mail sending, not the server it sits on. I think it should be the other way around: restrict NON AUTHENTICATED email sending and only allow AUTHENTICATED mail sending, with some functions for a white list and port list for servers we designate. Currently I have this off so my clients can use their authenticated accounts, which is better for delivery due to being authenticated with DNS reverse lookup entries and SPF records, etc. But what if someone installs a script on my server and sends out non authenticated email by the thousands? Do I then start restricting script sending? They can do this without being authenticated, so how is this better?
 

cPanelMichael

Hello,

I encourage you to open a feature request if you'd like to see a new option or an addition to the current option that considers if SMTP authentication is utilized by the script:

Submit A Feature Request

Note that for PHP scripts, you could add Mail to the disable_functions list in the PHP configuration file so that PHP scripts would need to use SMTP authentication to send out emails.

Thank you.