CSF SMTP Auth Blocking Issue for Mailgun
Posted: 08 Feb 2024, 00:50
Hi,
I'm trying to figure out what configuration setting within ConfigServer Security & Firewall is preventing SMTP emailing with 3rd-party providers (in our case Mailgun) from working... If I disable ConfigServer Security & Firewall, then the email sending works fine.
IPTables Log
We can see the IP of 34.160.63.108 with the port of 587 is being blocked because of a TCP_OUT rule.
# ConfigServer Security & Firewall
As far as I can see, I've correctly allowed 587... I also added the Mailgun IP to the IP allowlist even though their SMTP IP might change.
WordPress SMTP Mail Log
Versions:
WordPress: 6.4.3
WordPress MS: No
PHP: 7.4.33
WP Mail SMTP: 3.11.1
Params:
Mailer: smtp
Constants: No
ErrorInfo: SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server SMTP code: 111 Additional SMTP info: Connection refused
Host: smtp.mailgun.org
Port: 587
SMTPSecure: tls
SMTPAutoTLS: bool(true)
SMTPAuth: bool(true)
Server:
OpenSSL: OpenSSL 1.1.1w 11 Sep 2023
Apache.mod_security: No
Debug:
Email Source: WP Mail SMTP
Mailer: Other SMTP
SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server SMTP code: 111 Additional SMTP info: Connection refused
SMTP Debug:
2024-02-07 23:06:26 Connection: opening to smtp.mailgun.org:587, timeout=300, options=array()
2024-02-07 23:06:27 Connection failed. Error #2: stream_socket_client(): unable to connect to smtp.mailgun.org:587 (Connection refused) [/home/account/public_html/wp-includes/PHPMailer/SMTP.php line 397]
2024-02-07 23:06:27 SMTP ERROR: Failed to connect to server: Connection refused (111)
SMTP Error: Could not connect to SMTP host. Failed to connect to server
IPTables Log
Feb 7 23:15:38 SERVER_HERE kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=SERVER_IP_HERE DST=34.160.63.108 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33770 DF PROTO=TCP SPT=46312 DPT=587 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1005 GID=1007
Feb 7 23:15:37 SERVER_HERE kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=SERVER_IP_HERE DST=34.160.63.108 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33769 DF PROTO=TCP SPT=46312 DPT=587 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1005 GID=1007
IPTables Rules (Removed non-587 rules)
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
18 3 180 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
27 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
Chain SMTPOUTPUT (1 references)
num pkts bytes target prot opt in out source destination
1 179 60106 ACCEPT tcp -- * lo 0.0.0.0/0 0.0.0.0/0 multiport dports 25,26,465,587
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,26,465,587 owner GID match 988
3 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,26,465,587 owner GID match 12
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,26,465,587 owner UID match 1075
5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,26,465,587 owner UID match 990
6 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,26,465,587 owner UID match 0
7 4 240 LOGDROPOUT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 25,26,465,587
ip6tables filter table
======================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
21 0 0 ACCEPT tcp !lo * ::/0 ::/0 ctstate NEW tcp dpt:587
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
31 0 0 ACCEPT tcp * !lo ::/0 ::/0 ctstate NEW tcp dpt:587
Chain SMTPOUTPUT (1 references)
num pkts bytes target prot opt in out source destination
1 3 240 ACCEPT tcp * lo ::/0 ::/0 multiport dports 25,26,465,587
2 0 0 ACCEPT tcp * * ::/0 ::/0 multiport dports 25,26,465,587 owner GID match 988
3 0 0 ACCEPT tcp * * ::/0 ::/0 multiport dports 25,26,465,587 owner GID match 12
4 0 0 ACCEPT tcp * * ::/0 ::/0 multiport dports 25,26,465,587 owner UID match 1075
5 0 0 ACCEPT tcp * * ::/0 ::/0 multiport dports 25,26,465,587 owner UID match 990
6 0 0 ACCEPT tcp * * ::/0 ::/0 multiport dports 25,26,465,587 owner UID match 0
7 0 0 LOGDROPOUT tcp * * ::/0 ::/0 multiport dports 25,26,465,587
# ConfigServer Security & Firewall
TCP_IN = 25,53,80,443,465,587,11211,49152:65534,30000:65400
TCP_OUT = 20,21,22,25,37,43,53,80,110,113,443,587,873,987,993,995,2082,2083,2086,2087,2089,2525,2703,8443,11211,44445,55556,7770:7800
UDP_IN = 53
UDP_OUT = 20,21,53,113,123,873,6277,24441
TCP6_IN = 21,25,53,80,443,465,587,987,11211
TCP6_OUT = 20,21,22,25,37,43,53,80,110,113,443,587,873,993,995,2086,2087,11211,2089,2703
UDP6_IN = 53
UDP6_OUT = 20,21,53,113,123,873,6277,24441
CC_ALLOW_PORTS = GB,AU
CC_ALLOW_PORTS_TCP = 20,21,22,987,2087,2083
CC_ALLOW_PORTS_UDP = NONE
CC_DENY_PORTS = CN,KR,HK,IN,ID,MY,NG,PK,RU,SA,TW,SY,AE
CC_DENY_PORTS_TCP = 20,21,22,987,2082,2083,2086,2087,7090
CC_DENY_PORTS_UDP = NONE
Yet why is it still being blocked? Am I missing something obvious?
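Added example, not part of the original post: it walks the blocked packet from the posted kernel log (UID=1005, GID=1007) through the posted IPv4 SMTPOUTPUT chain, which CSF builds when its SMTP_BLOCK option is enabled, and reports the first rule that matches. The rule list and log line are transcribed from the post; the function names are illustrative.

```python
import re

# Ports shared by every rule in the posted SMTPOUTPUT chain.
SMTP_PORTS = {25, 26, 465, 587}

# Posted IPv4 SMTPOUTPUT chain, in order: (target, out interface, owner match).
SMTPOUTPUT = [
    ("ACCEPT", "lo", None),
    ("ACCEPT", "*", ("GID", 988)),
    ("ACCEPT", "*", ("GID", 12)),
    ("ACCEPT", "*", ("UID", 1075)),
    ("ACCEPT", "*", ("UID", 990)),
    ("ACCEPT", "*", ("UID", 0)),
    ("LOGDROPOUT", "*", None),
]

# First kernel log line from the post (host and source IP redacted by the poster).
LOG_LINE = (
    "Feb 7 23:15:38 SERVER_HERE kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 "
    "SRC=SERVER_IP_HERE DST=34.160.63.108 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=33770 DF PROTO=TCP SPT=46312 DPT=587 WINDOW=29200 RES=0x00 SYN URGP=0 "
    "UID=1005 GID=1007"
)


def parse_packet(line):
    """Extract the fields the chain matches on from a netfilter log line."""
    f = dict(re.findall(r"(\w+)=(\S*)", line))
    return {"OUT": f["OUT"], "DPT": int(f["DPT"]),
            "UID": int(f["UID"]), "GID": int(f["GID"])}


def first_match(pkt):
    """Return (rule number, target) of the first SMTPOUTPUT rule the packet hits."""
    if pkt["DPT"] not in SMTP_PORTS:
        return None  # chain only acts on the SMTP ports
    for num, (target, out_if, owner) in enumerate(SMTPOUTPUT, start=1):
        if out_if != "*" and out_if != pkt["OUT"]:
            continue  # interface does not match (rule 1 is loopback only)
        if owner and pkt[owner[0]] != owner[1]:
            continue  # socket owner UID/GID does not match
        return num, target
    return None


if __name__ == "__main__":
    pkt = parse_packet(LOG_LINE)
    print(pkt, "->", first_match(pkt))
```

The posted counters agree with this result: SMTPOUTPUT rule 7 shows 4 packets, while the port 587 accept in the OUTPUT chain (rule 27) shows 0. CSF adds owner rules like rules 2 to 6 for the accounts and groups listed in SMTP_ALLOWUSER and SMTP_ALLOWGROUP in csf.conf.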