Hello, I've been attempting to enable the SMTPAUTH_RESTRICT option on our CPanel server.
It appears to be working for port 25, but causing authentication failure with port 587.
Following the instructions in /etc/csf/readme, When I add:
auth_advertise_hosts = ${if match_ip{$sender_host_address}{iplsearch;/etc/exim.smtpauth}{*}{}}
Authentication attempts via port 587 respond with this warning:
SMTP AUTH is required for message submission on port 587
Apparently given via this rule:
default_message_submission
# Reject unauthenticated relay on port 587
drop
condition = ${if eq{$interface_port}{587}{1}{0}}
message = SMTP AUTH is required for message submission on port 587
I have the follow options in csf.conf:
SMTPAUTH_RESTRICT = 1
CC_ALLOW_SMTPAUTH = US
and have included our localhost IP's in /etc/csf/csf.smtpauth :
127.0.0.0/8
"::1"
"::1/128"
I can send email through port 25, but not port 587. These tests were via remote email client.
Thanks for your time,
Jared
SMTPAUTH_RESTRICT issues with port 587
Re: SMTPAUTH_RESTRICT issues with port 587
Has anyone else had issues like this, specifically being unable to implemented the basic settings for SMTPAUTH_RESTRICT outlined in the CSF readme, under heading 26?
Thanks,
Jared
Thanks,
Jared
Re: SMTPAUTH_RESTRICT issues with port 587
We've been under a flood attack on SMTP for a week now, we've made some adjustments to CSF that have helped, but ultimately haven't fixed the issue. Last night LFD failed around a dozen times, as this is pretty uncommon I believe it is due to the attack.
We've blocked off some of the attack with CC_DENY but that's like using a butcher knife when all we need is a scalpel. Plus the attack is distributed, it has been coming from all over the world, and we can only block around 3 countries with CC_DENY before we start seeing that slip. Besides I really rather not block whole countries from all our other services.
That is why I have been hoping to use the SMTPAUTH_RETRICT but with the basic configuration details given in the CSF readme failing I could use a little extra help. I'm going to dig around on the EXIM configurations again to see what I am missing, but any guidance would be helpful.
Thank you for your time and patience,
Jared
We've blocked off some of the attack with CC_DENY but that's like using a butcher knife when all we need is a scalpel. Plus the attack is distributed, it has been coming from all over the world, and we can only block around 3 countries with CC_DENY before we start seeing that slip. Besides I really rather not block whole countries from all our other services.
That is why I have been hoping to use the SMTPAUTH_RETRICT but with the basic configuration details given in the CSF readme failing I could use a little extra help. I'm going to dig around on the EXIM configurations again to see what I am missing, but any guidance would be helpful.
Thank you for your time and patience,
Jared