Page 1 of 2

CSF Blocking External Email

Posted: 09 May 2023, 16:32
by catalinaview2
CSF is blocking all external email (gmail, hotmail, yahoo, etc). I have seen a few discussions on this topic here but nothing specifically fixes the problem.

CSF v14.18
WHM/cPanel 110.5

External emails work fine when CSF is off. I saw one thread that mentions something about WHM v110.5 and sshd and smtp settings but the "solution" is not specific enough to implement.

SMTP Restrictions is DISABLED

Any help would be appreciated.

Re: CSF Blocking External Email

Posted: 09 May 2023, 20:36
by Sergio
Can you paste a few LOG lines of the blocked domains, I mean gmail or hotmail?

Sergio

Re: CSF Blocking External Email

Posted: 10 May 2023, 00:01
by catalinaview2
What log would you like? The send email has at the bottom "The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720 [mail.mywebsite.org. 68.178.203.178: timed out]"

Re: CSF Blocking External Email

Posted: 10 May 2023, 14:28
by Sergio
To start, let check gmail:
LFD Log will be good, search for any log line error when trying to deliver email to gmail.

Also, there could be another issues that should be checked:
Do you have Google IPs on your server's white list.
Do you have DMARC Record created on the domain?

Here you can check your MX with google:
https://toolbox.googleapps.com/apps/checkmx/

Here you can create an account with google and add your domains to be in a kind of white list with them:
https://postmaster.google.com/u/0/managedomains?pli=1

Sergio

Re: CSF Blocking External Email

Posted: 10 May 2023, 19:19
by catalinaview2
The issue is receiving email from gmail, ymail, etc, not sending it. There is no DMARC record for this domain.

I shut off CSF and mail started flow from many external sources.

Here's the last few of lfd.log:
May 10 11:01:32 178 lfd[29984]: *User Processing* PID:29965 Kill:0 User:admineldo23 VM:588(MB) EXE:/opt/cpanel/ea-php81/root/usr/sbin/php-fpm CMD:php-fpm: pool eldoradogolfclub_org
May 10 11:01:32 178 lfd[29984]: *User Processing* PID:29966 Kill:0 User:admineldo23 VM:588(MB) EXE:/opt/cpanel/ea-php81/root/usr/sbin/php-fpm CMD:php-fpm: pool eldoradogolfclub_org
May 10 11:02:32 178 lfd[30195]: *User Processing* PID:30187 Kill:0 User:admineldo23 VM:588(MB) EXE:/opt/cpanel/ea-php81/root/usr/sbin/php-fpm CMD:php-fpm: pool eldoradogolfclub_org
May 10 11:03:13 178 lfd[6271]: Main Process: TERM
May 10 11:03:13 178 lfd[6271]: daemon stopped

Could the "Kill" commands be stopping email?

Re: CSF Blocking External Email

Posted: 10 May 2023, 21:43
by Sergio
The issue is receiving email from gmail, ymail, etc, not sending it. There is no DMARC record for this domain.
Yes, that means that CSF is blocking those domains and/or IPs used by those domains.

In my server I have addes all the Google IPs to csf white list, to do this:
- create a file called, per example: gmail.ignore
- save it at /etc/csf/
- On that file save all the IPs from gmail like this:
###############################################################################
# Copyright 2018, Secmas
# URL: http://my.url.com
# Email: sergio@my.url.com
###############################################################################
# The following IP addresses will be allowed through iptables and ignored by
# lfd to allow for unimpeded access to the email service
#
# Each IP address belongs to google mail and is responsibly for authenticating
# email accounts
#
209.85.128.0/17
After you save that file, you have to add it to CSF.IGNORE and add it like this:
Include /etc/csf/gmail.ignore
Save the file and restart CSF.

After that, GMAIL will start to work.

Sergio

Re: CSF Blocking External Email

Posted: 11 May 2023, 00:14
by catalinaview2
OK, that may help with gmail. What about all the other domains that may send email, add each one?

You solution does not address the issue with CSF blocking ALL external emails.

Re: CSF Blocking External Email

Posted: 11 May 2023, 16:28
by catalinaview2
With CSF enabled, I see this line in the lfd.log periodically:
May 11 08:24:35 178 lfd[31843]: (sshd) Failed SSH login from 162.251.160.214 (US/United States/phoenix10.monitorengine.com): 5 in the last 3600secs - *Blocked in csf* [LF_SSHD]

This IP shows that it is from google but can't be sure if it is gmail or something else. The message refers to SSH but I am not clear if this is related to a email delivery.

Any ideas?

Re: CSF Blocking External Email

Posted: 13 May 2023, 07:19
by Sergio
catalinaview2 wrote: 11 May 2023, 00:14 OK, that may help with gmail. What about all the other domains that may send email, add each one?

You solution does not address the issue with CSF blocking ALL external emails.
Just out of curious, Are you using any Blocklists in CSF (lfd blocklists)?

Re: CSF Blocking External Email

Posted: 13 May 2023, 13:34
by catalinaview2
No, no entries in /etc/csf/csf.blocklists