Issue
- How to use SMTP Management?
- How to restrict all SMTP connections except local?
- How to manage SMTP connections?
Environment
- Imunify360
Solution
The SMTP Management feature helps to manage SMTP settings. To use it, tick the Enable SMTP Traffic Management checkbox.
- SMTP ports - a list of ports to be blocked. The defaults are: 25, 587, 465.
- Allow users - a list of users to be ignored (not blocked). By default it is empty. This includes Unix and cPanel users: if a process that sends an email has a UID of one of the allow_users, it will not be blocked. These users will be able to send emails.
- Allow groups - a list of groups to be ignored (not blocked). By default it is empty. This includes Unix and cPanel users: if a process that sends an email has a UID of one of the allow_users, it will not be blocked.
- Allow local * - block all except the local SMTP (localhost). By default it is disabled. If you enable this feature, all external SMTP connections will be restricted.
- Redirect to local ** - enable automatic redirection to the local ports for outgoing mail traffic. By default it is disabled. All traffic that goes to external mail servers will be redirected to the local SMTP server.
* Allow local restricts users to localhost:25 as their default SMTP server. It is implemented as follows:
iptables -I OUTPUT_imunify360 -o lo -p tcp -m multiport --dports 25 -j ACCEPT
** Redirect to local redirects non-authorized outbound SMTP connections to the local SMTP server. It is needed so that PHP scripts keep working properly when SMTP is blocked globally. The actual implementation is as follows:
iptables -t nat -I OUTPUT_imunify360 -p tcp -m multiport --dports 25 -j REDIRECT
iptables -t nat -I OUTPUT_imunify360 -p tcp -m multiport --dports 25 -m owner --uid-owner 0 -j RETURN
iptables -t nat -I OUTPUT_imunify360 -p tcp -m multiport --dports 25 -m owner --uid-owner $uid -j RETURN
iptables -t nat -I OUTPUT_imunify360 -p tcp -m multiport --dports 25 -m owner --gid-owner $gid -j RETURN
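One way to check which owners bypass the redirect is to parse the chain listing. This is an added example, not Imunify360's own code. Because each -I inserts at the head of the chain, the RETURN rules end up above the REDIRECT rule. The sample listing is constructed, uid 1001 and gid 12 stand in for $uid and $gid, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit the nat-table SMTP redirect rules shown above.
# On a live host, feed it: iptables -t nat -S OUTPUT_imunify360

# Constructed sample of the chain after the four -I commands have run.
# The last command inserted sits first; 1001 and 12 are placeholders.
sample_rules() {
cat <<'EOF'
-N OUTPUT_imunify360
-A OUTPUT_imunify360 -p tcp -m multiport --dports 25 -m owner --gid-owner 12 -j RETURN
-A OUTPUT_imunify360 -p tcp -m multiport --dports 25 -m owner --uid-owner 1001 -j RETURN
-A OUTPUT_imunify360 -p tcp -m multiport --dports 25 -m owner --uid-owner 0 -j RETURN
-A OUTPUT_imunify360 -p tcp -m multiport --dports 25 -j REDIRECT
EOF
}

# Reads a rule listing on stdin and prints one finding per line:
#   EXEMPT uid=N | gid=N   owner RETURNs before the redirect (bypasses it)
#   DEAD uid=N | gid=N     RETURN sits below REDIRECT and is never reached
#   REDIRECT present|missing
audit_smtp_redirect() {
  awk '
    $1 != "-A" || $2 != "OUTPUT_imunify360" { next }
    {
      target = ""; owner = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "--uid-owner") owner = "uid=" $(i + 1)
        if ($i == "--gid-owner") owner = "gid=" $(i + 1)
      }
      # An owner-less REDIRECT catches everything that reaches it.
      if (target == "REDIRECT" && owner == "") { seen_redirect = 1; next }
      if (target == "RETURN" && owner != "") {
        tag = seen_redirect ? "DEAD" : "EXEMPT"
        print tag, owner
      }
    }
    END { print "REDIRECT", (seen_redirect ? "present" : "missing") }
  '
}

sample_rules | audit_smtp_redirect
```

Any EXEMPT line for a UID or GID that is not in Allow users or Allow groups, and any DEAD line, is worth investigating.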
For Webmail to be able to function in cPanel, the configuration must be as follows: