Configure CSF to allow outbound SMTP - email

I have a web app that sends email via SMTP (Gmail, Zoho Mail servers). The thing is, the email sending works in my localhost but not on my VPS (using WHM).
I contacted support and the guy replied:
If your VPS has ConfigServer Firewall (CSF) installed then this would
most likely be causing the problem. As it is working on localhost but
not externally this certainly sounds like it might be the case. You
will need to review the firewall configuration on the VPS and ensure
those ports are allowed outbound.
But when it comes to server management and configuration, I'm totally lost. I did check the CSF settings page on WHM but not sure where to start.
Any recommendation or solution would be appreciated.

You have to allow outgoing traffic to ports 25, 465, 587 and in the case of Mandrill 2525 as well. You should actually be fine enabling only the one you will connect to. So:
sudo vim /etc/csf/csf.conf
add 25,2525,465,587 to TCP_OUT, and to TCP6_OUT if you use IPv6.
You might also need to remove those ports from SMTP_PORTS if you have SMTP_BLOCK enabled (if it is set to 1).
Source: https://community.centminmod.com/threads/csf-firewall-info.25/#post-6613
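The check described in the answer above, as an added example that is not part of the original post: a POSIX shell script that reads a csf.conf and reports, per port, whether outbound TCP is listed in TCP_OUT and whether SMTP_BLOCK together with SMTP_PORTS still covers it. The function names and the three status words are made up for this example; it assumes the standard `KEY = "value"` layout of csf.conf.

```shell
# Added example (not from the original answer): audit csf.conf for outbound SMTP.
# Assumes csf.conf's KEY = "value" line format; function names are hypothetical.

# Print the quoted value of one csf.conf setting (empty if absent).
csf_get() {   # usage: csf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Return 0 if PORT appears in a CSF port list such as "25,465,30000:35000".
port_in_list() {   # usage: port_in_list PORT LIST
    for item in $(printf '%s' "$2" | tr ',' ' '); do
        case $item in
            *:*) lo=${item%%:*}; hi=${item##*:}      # low:high range
                 [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0 ;;
            "$1") return 0 ;;
        esac
    done
    return 1
}

# Report how csf.conf treats outbound TCP to PORT:
#   closed     - not listed in TCP_OUT
#   restricted - listed, but SMTP_BLOCK is 1 and the port is in SMTP_PORTS
#   open       - listed and not covered by SMTP_BLOCK
smtp_out_status() {   # usage: smtp_out_status PORT FILE
    port=$1 conf=$2
    if ! port_in_list "$port" "$(csf_get TCP_OUT "$conf")"; then
        echo closed
    elif [ "$(csf_get SMTP_BLOCK "$conf")" = 1 ] &&
         port_in_list "$port" "$(csf_get SMTP_PORTS "$conf")"; then
        echo restricted
    else
        echo open
    fi
}

# When run with ports as arguments, audit the live config, e.g.:
#   sh csf_smtp_audit.sh 25 465 587 2525
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(smtp_out_status "$p" /etc/csf/csf.conf)"
done
```

After editing csf.conf, CSF has to reload its rules (`csf -r`) before the new port lists take effect.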

Related

CentOS iptables and port configuration for using external SMTP server

I have a web server running CentOS and a separate mail server running Microsoft Exchange. I have the web server connecting to the mail server via SMTP on port 587 to send emails.
Sometimes the connection to the mail server refuses, but it's rare. Could an intermittent failure be related to port settings? I would have thought it's all or nothing.
For the CentOS web server, what rules should I be looking to configure in the iptables if any? Do I need to add an entry for port 587 on this server? Or do I just need to allow incoming connections on the mail server for 587?
Thanks in advance.
You don't need to set up any iptables rules on your webserver, since outgoing connections are allowed by default. Your occasional drops won't have anything to do with the webserver's firewall, so you'll want to look at tuning your Exchange server, if the error is impactful enough to worry about it.

Alt-N Mdaemon mail server on google compute engine

I have a VM instance on Google Compute Engine, which is running Windows Server 2012 R2. I have my Apache web server, PHP, MySQL, FTP, and various other things running great, easily accessible from the world. I installed MDaemon Messaging Server (Alt-N's email server), which I had on my old physical box for years. I am able to use port 110 just fine, but I simply cannot get SMTP to work. Yes, I'm well aware of (Compute Engine's Blocked SMTP Ports). Knowing these blocked google ports, I would like to choose port 2525 as Mdaemon's SMTP port. I added firewall rules on the server to allow it, and I added the Compute Engine Network port exceptions as well, and of course changed the Mdaemon's server settings for 2525. I still cannot send email. Hell, I even tried port 2626 and nadda.
I understand I could sign up through google's recommended "sendgrid" that would force me to use mail.sendgrid.com, port 2525, and have a maximum of 25,000 per month limit (on free sendgrid account), but I personally think it's ridiculous needing to sign up and have limits on email when I paid $2,400 for Mdaemon email server. I should be able to use my own domain's mail.mydomain.com and authenticate through MY email server, not sendgrid's.
Is there something simple I'm missing to be able to use my own email server software on my google compute engine VM instance? Or is it just fact that this is the right I give up by choosing google's cloud server services?
SMTP server, in your case MDaemon, sends all outbound emails directly to the recipient's mail servers on their inbound SMTP port which is 25. This is the port you will need to configure on your MDaemon's SMTP outbound port setting. So changing it to 2525 or 2626 won't help because recipient's SMTP servers usually do not listen on those ports.
As you also mentioned all outgoing traffic to port 25 (SMTP) is blocked on Compute Engine. Therefore you'll need to configure a smart host for your MDaemon message routing which listens on a non-blocked port. This is something like using a third party service (e.g. SendGrid).

Mail not getting sent to specific domains

We have a VPS with CentOS combined with DirectAdmin which we use for a Magento shop. This runs fine, except for sending email.
Problem:
It appears that some specific domains won't receive our emails and we get a bounce. If we use any other email sending systems, the mails arrive without problems.
The bounce mail contains the following error:
SMTP error from remote mail server after HELO Company-Shops:
host mx-cluster-b2.one.com [IP ADRESS]: 504 5.5.2 :
Helo command rejected: need fully-qualified hostname
After googling and trying things for a week now, I am a bit lost. I tried checking postfix in CentOS, but this is not installed and I'm not quite sure if this is needed.
Possible issue?
I believe the hosts file in CentOS is set up incorrectly:
127.0.0.1 localhost localhost.localdomain localhost4 ... etc
OUR IP Company-Shops
'Company-Shops' should probably be a domain name, am I right? The same as the rDNS. But I'm afraid if I change this it will kill my site and whatnot. I'm not sure if this entry correlates with the 'company-Shops' helo label in the bounce error.
Some extra info:
- We use the webmail Roundcube from DirectAdmin
- At the moment we run one shop, but this might grow a bit (multiple sites on 1 IP)
- We don't use subdomains
- We've set up a reverse DNS, with the domain
Is there anyone with similar experiences or with a bit more knowledge about this subject? I appreciate any advice we can get, as we are stuck.
Many thanks.
Yes, that's right: your mail server should identify itself using a fully-qualified domain name when it connects to send mail via SMTP. You don't say what mail server you're running, but since you're using DA, it's probably Exim. If so, you want to edit /etc/exim.conf and set primary_hostname to the FQDN of your server.
This would also be a good time to double-check that reverse DNS is set up properly for your IP address. Many hosts will also reject email from servers on IPs without a valid rDNS record.
I'm not familiar with Magento, but I can't see any way that changing the Exim configuration in this way could impact that program.
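As an added example (not part of the original answer), this shell script pulls `primary_hostname` out of an Exim-style configuration file and checks whether the name is fully qualified, which is what the remote server in the bounce above rejected `Company-Shops` for. The function names and status words are made up for this example, and it assumes a plain `primary_hostname = name` line.

```shell
# Added example (not from the original answer): check the HELO name an Exim
# config would announce. Assumes a "primary_hostname = name" line; the
# function names are hypothetical.

# Print the configured primary_hostname (empty if unset or commented out).
exim_primary_hostname() {   # usage: exim_primary_hostname FILE
    sed -n 's/^[[:space:]]*primary_hostname[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# Return 0 if NAME looks fully qualified: two or more dot-separated labels,
# each 1-63 letters, digits or hyphens, none starting or ending with "-".
is_fqdn() {   # usage: is_fqdn NAME
    name=${1%.}                                   # tolerate one trailing dot
    case $name in
        ''|*..*|.*|*.|*[!A-Za-z0-9.-]*) return 1 ;;   # empty label or bad char
        *.*) ;;                                   # at least one dot
        *) return 1 ;;                            # single label, e.g. Company-Shops
    esac
    [ "${#name}" -le 253 ] || return 1
    for label in $(printf '%s' "$name" | tr '.' ' '); do
        case $label in
            -*|*-) return 1 ;;
        esac
        [ "${#label}" -le 63 ] || return 1
    done
    return 0
}

# Classify what the config would produce as a HELO name.
helo_status() {   # usage: helo_status FILE
    configured=$(exim_primary_hostname "$1")
    if [ -z "$configured" ]; then
        echo "unset"                  # Exim then derives it from the system hostname
    elif is_fqdn "$configured"; then
        echo "ok $configured"
    else
        echo "not-fqdn $configured"
    fi
}
```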

Smtp on plesk panel : cannot send email

I've been working with Parallels Plesk Panel (here 11.5 on CentOS 6.4) for 2 years and I got a problem yesterday:
My server refuses connections from my mail client.
Client (outlook) & DNS : http://i.stack.imgur.com/bCxxs.jpg
And smtp plesk configuration: http://i.stack.imgur.com/cnvPo.jpg
They are using the same authentication method, no SSL, default port... I don't understand.
I turned off the firewall while I have problems.
I tried to switch postfix/qmail; it doesn't work. I don't understand why it accepts mail from the webmail located on the server but not from clients.
Some help will be welcome
It may be a DNS issue..
Depending on your hosting provider, your original settings may have been changed on their end. ICANN may also be changing their DNS policies as well.
Adding this to your DNS records...
webmail.yourdomain.com. 600 A yourIP

Receiving email with Amazon EC2?

I have no trouble sending out email with my EC2 server, but how can I check the email that is sent to me? I have an elastic IP setup and modified reverse DNS records. Do I need to install Postfix to receive email?
Ensure that port 25 is active and open on your server. Install an SMTP service on your instance ...postfix is mighty fine.
Ensure you have also set up some MX records if you want to receive email from the world...
I suppose the first thing to do is testing if you can open a telnet connection to port 25 on your server. Then you know if anything is listening for incoming mail.
If not, then you should probably install postfix as well as test your firewall settings (I seem to recall the EC2 having some sort of firewall setting for which ports to allow in the web interface)
edit: correct port number