SMTP_ALLOWLOCAL when SMTP_BLOCK = 0

[Brad M]

When SMTP_BLOCK = 0, but SMTP_ALLOWLOCAL = 1, attempts to connect to a port on the SMTP_PORTS list by a user not in SMTP_ALLOWUSER are actually redirected to loopback device.

I'd suggest that either SMTP_ALLOWLOCAL = 1 be ignored when SMTP_BLOCK = 0, or that the description of SMTP_ALLOWLOCAL be clarified. The description presently reads "enable this option to allow outgoing SMTP connections to the loopback device" but doesn't make clear that it actually redirects connections to loopback.

Example output from a cpanel server comparing root and unprivileged user:

user@example.com [/root]# telnet smtp.office365.com 587
Trying 132.245.28.178...
Connected to smtp.office365.com.
Escape character is '^]'.
220-host.example.com ESMTP Exim 4.85 #2 Thu, 14 May 2015 15:47:22 +0200
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

root@example.com [~]# telnet smtp.office365.com 587
Trying 132.245.3.130...
Connected to smtp.office365.com.
Escape character is '^]'.
220 DM2PR07CA0029.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 14 May 2015 13:48:34 +0000

[ForumAdmin]

When SMTP_BLOCK = 0, but SMTP_ALLOWLOCAL = 1, attempts to connect to a port on the SMTP_PORTS list by a user not in SMTP_ALLOWUSER are actually redirected to loopback device.

That sounds like you have mistakenly enabled the "Restrict outgoing SMTP to root, exim, and mailman" in WHM > Tweak Settings as well as SMTP_BLOCK.

In csf, SMTP_ALLOWLOCAL has no effect at all if SMTP_BLOCK is disabled. Also, neither SMTP_BLOCK nor SMTP_ALLOWLOCAL redirects anything, they only block access through those ports.

[Brad M]

That tweak setting was actually disabled on the server in question. I was also able to directly verify that disabling SMTP_ALLOWLOCAL immediately fixed the issue.