We have these settings in place in the CSF configuration file:
- LF_DISTSMTP = 5
- LF_DISTSMTP_UNIQ = 3
- LF_DISTSMTP_PERM = 1
- LF_DISTSMTP_ALERT = On
- LF_DIST_INTERVAL = 300
So we received some mail warnings (subj: "distributed SMTP Logins on account [omissis]") with Permanent Block [LF_DISTSMTP] notices, such as:
IP Addresses Blocked:
209.85.208.49 (US/United States/mail-ed1-f49.google.com)
209.85.208.51 (US/United States/mail-ed1-f51.google.com)
209.85.208.46 (US/United States/mail-ed1-f46.google.com)
209.85.208.41 (US/United States/mail-ed1-f41.google.com)
And those IPs were actually blocked by CSF, so that Gmail was not able to send any envelope to any recipient account on our server.
Fact is that we had already allowed all CIDRs belonging to Google, by adding the complete list into /etc/csf/csf.allow file.
Also 209.85.128.0/17 was there, but those 209.85.208.* IPs were nevertheless banned.
How is it that this could have happened, if all those IPs belong to that 209.85.128.0/17 CIDR?
In fact:
- First IP > 209.85.128.0
- Last IP > 209.85.255.255
Anyway, we have also added those CIDRs to csf.ignore. Can you confirm that this is the correct way of handling DISTSMTP with regard to Google's CIDRs?
Thanks in advance and best regards to you all.
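
The CIDR arithmetic in the post can be checked mechanically. The following is an added example, not part of the original post: it parses plain IP/CIDR entries from a csf.allow or csf.ignore style list and reports which entry, if any, covers each blocked address. The list content is a constructed sample, and skipping lines that contain `|` as advanced filter entries is an assumption of this sketch; it checks list coverage only.

```python
import ipaddress

# Constructed sample in the style of csf.allow / csf.ignore (not the poster's real file).
SAMPLE_LIST = """\
# Google ranges (constructed sample, not the full list)
209.85.128.0/17 # manually added
192.0.2.10
tcp|in|d=25|s=198.51.100.0/24
"""

# The four addresses from the alert quoted in the post.
BLOCKED = ["209.85.208.49", "209.85.208.51", "209.85.208.46", "209.85.208.41"]


def parse_networks(text):
    """Return plain IP/CIDR entries; skip comments, blanks and '|' filter lines."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry or "|" in entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # not an address or CIDR, ignore the line
    return nets


def coverage(ips, nets):
    """Map each IP to the list entries (as strings) that contain it."""
    result = {}
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        result[ip] = [str(n) for n in nets
                      if n.version == addr.version and addr in n]
    return result


def cidr_bounds(cidr):
    """First and last address of a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


if __name__ == "__main__":
    for ip, hits in coverage(BLOCKED, parse_networks(SAMPLE_LIST)).items():
        print(ip, "->", ", ".join(hits) or "NOT COVERED")
    print("209.85.128.0/17 spans", cidr_bounds("209.85.128.0/17"))
```

Running it against the real file contents (read from disk instead of `SAMPLE_LIST`) shows whether a block came from a missing or malformed entry rather than from the range itself.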