User can telnet or work with external SMTP

speckados

Well-Known Member
On my server I have blocked the use of PHP to send email with sendmail. Users need to configure PHP to use SMTP functions instead.

In Wordpress I recommend the use of Post SMTP, and it works perfectly locally.

Today a client wanted to configure an external service (external server) and has found that he cannot connect to the remote server.

1. I checked that the remote server is not blocked by the firewall.
2. I checked that the outgoing ports were open (465).
3. I checked that allow_url_fopen was allowed for the user
4. I verified that the user had not enabled define ('WP_HTTP_BLOCK_EXTERNAL', true); in wp-config.php (it is set to false).
5. I checked in the shell that the remote server and its port could be reached.
6. I tried the same check as the user, and here is the problem: the user cannot connect remotely and is rejected, with either bash shell or jailshell.

Code:
# Jailshell
[[email protected] ~]# su - dunlopillo
Último inicio de sesión:jue sep 17 11:16:18 CEST 2020en pts/0
[[email protected] ~]$ telnet smtp.serviciodecorreo.es 465
Trying 82.223.190.139...
telnet: connect to address 82.223.190.139: Connection refused
# Bash
[[email protected] ~]# su - dunlopillo
Último inicio de sesión:jue sep 17 11:23:55 CEST 2020en pts/0
[[email protected] ~]$ telnet smtp.serviciodecorreo.es 465
Trying 82.223.190.139...
telnet: connect to address 82.223.190.139: Connection refused
# Root
[[email protected] ~]#  telnet smtp.serviciodecorreo.es 465
Trying 82.223.190.139...
Connected to smtp.serviciodecorreo.es.
Escape character is '^]'
 

ffeingol

Well-Known Member
You pretty much answered your own question. From the above 82.223.190.139 is refusing your connection. It could be a couple of things:

  • They simply have your IP blocked
  • They are not using port 465 (try 25 or 587)
Either way, you (or your customer) are prob. going to have to contact them to find the answer.
 

speckados

Well-Known Member
You pretty much answered your own question. From the above 82.223.190.139 is refusing your connection. It could be a couple of things:

  • They simply have your IP blocked
  • They are not using port 465 (try 25 or 587)
Either way, you (or your customer) are prob. going to have to contact them to find the answer.
If you look at the post, I can connect from the root account but not from the user account, and both use the IP of the machine. Ergo, the problem is not that the remote server cuts the communication with a firewall, nor the FQDN of the domain, since both connections are identified with the FQDN of the host.
 

speckados

Well-Known Member
Sorry, I totally missed that the last one corrected. Are you using a firewall or firewall rule builder (like CSF)? Have you checked the logs?
Thanks a lot.

The CSF firewall was blocking SMTP_OUT for users other than root or mailman.

I corrected this and it works fine.
 

ffeingol

Well-Known Member
OK, now that you have it fixed, I have to ask why you are doing this? We do the exact opposite of what you do. Since we force all mail to go through the local exim server, we can monitor what's going out and automatically suspend compromised mailboxes, hosting accounts etc.
 

sparek-3

Well-Known Member
Is there an SMTP_OUT directive in csf? Or do you mean SMTP_ALLOWUSER?

You probably want to look at SMTP_PORTS and what ports are listed there. You may only want port 25 listed there, since ports 587 and 465 TYPICALLY (although not always) require SMTP Authentication to relay out mail. Regular users would then be able to connect to external SMTP servers on ports 587 and 465, but typically they will have to authenticate to relay out mail. Could they still spam? Sure... but whoever is running the servers they are connecting to would easily be able to see who authenticated on those connections.

The reason you want to prevent regular users from connecting to external mail servers on port 25 is that port 25 is the SMTP port used for delivering mail. Spam scripts such as Dark Mailer can take advantage of this and abuse an account to send spam messages directly to a mail server (say a hotmail.com mail server) without any logging, because it bypasses your local server's SMTP service for relaying out the message.

Allowing external connections on ports 587 or 465 is the same thing... except you can't connect to port 587 on a hotmail.com mail server and deliver messages blindly into a hotmail user's mailbox.
 

cPanelLauren

Product Owner
Staff member
As far as I know there isn't an SMTP_OUT directive - at least not in the SMTP settings of the CSF conf. There are quite a few SMTP related configurations in CSF that can prove useful.
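
The outbound SMTP settings discussed in this thread can be checked with a short script. This is an added example, not part of any post and not CSF's own code: the csf.conf excerpts are constructed, the account name webuser is hypothetical, and the allow/deny logic is an assumed, simplified model of how SMTP_BLOCK, SMTP_PORTS, SMTP_ALLOWUSER and SMTP_ALLOWGROUP interact.

```python
import re

# Constructed csf.conf excerpts (not from the thread). BEFORE restricts all
# three mail ports; AFTER restricts only port 25, as suggested above.
BEFORE = 'SMTP_BLOCK = "1"\nSMTP_PORTS = "25,465,587"\nSMTP_ALLOWUSER = ""\nSMTP_ALLOWGROUP = "mail,mailman"\n'
AFTER = BEFORE.replace('"25,465,587"', '"25"')


def parse_csf(text):
    """Return {NAME: value} for each NAME = "value" line; comments are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def csv_set(value):
    """Split a comma-separated setting into a set of non-empty names."""
    return {v.strip() for v in value.split(",") if v.strip()}


def direct_smtp_allowed(settings, user, groups, port):
    """Assumed, simplified model of SMTP_BLOCK: may `user` connect out to `port`?"""
    if settings.get("SMTP_BLOCK", "0") != "1":
        return True                      # no per-user restriction at all
    if str(port) not in csv_set(settings.get("SMTP_PORTS", "")):
        return True                      # port is not covered by the block
    if user == "root" or user in csv_set(settings.get("SMTP_ALLOWUSER", "")):
        return True                      # explicitly exempt account
    return bool(set(groups) & csv_set(settings.get("SMTP_ALLOWGROUP", "")))


def audit(settings):
    """List findings an administrator would want to review."""
    findings = []
    if settings.get("SMTP_BLOCK", "0") != "1":
        findings.append("SMTP_BLOCK off: any account can deliver straight to remote port 25")
    elif "25" not in csv_set(settings.get("SMTP_PORTS", "")):
        findings.append("port 25 missing from SMTP_PORTS: direct delivery is not restricted")
    for name in sorted(csv_set(settings.get("SMTP_ALLOWUSER", ""))):
        findings.append(f"user {name} is exempt and bypasses the local MTA")
    return findings


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        s = parse_csf(conf)
        for who, grp in (("root", ["root"]), ("webuser", ["webuser"])):
            print(label, who, {p: direct_smtp_allowed(s, who, grp, p) for p in (25, 465, 587)})
        print(label, "findings:", audit(s))
```

With the BEFORE excerpt the model reproduces the symptom in the first post (root reaches port 465, the ordinary account does not); with AFTER, authenticated submission on 465 and 587 is open to users while direct delivery on port 25 stays restricted.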