المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : فايروول السي بانل CSF Firewall يجب جعل The SMTP restriction is disabled



Rise Company
03-04-2021, 01:25
فايروول السي بانل CSF Firewall يجب جعل The SMTP restriction is disabled
SMTP Restrictions (WHM) versus SMTP_BLOCK (CSF)


https://www.rise.company/upload/uploads/161740562013371.png

----------------------------------------------------------------
لماذا يجب تعطيل SMTP Restrictions جعله Disable ؟
----------------------------------------------------------------




Check SMTP Restrictions
This option in WHM will not function when running csf. You should disable WHM > Security Center > SMTP Restrictions (https://rise.company:2087/cpsess5943026719/scripts2/smtpmailgidonly) and use the csf configuration option SMTP_BLOCK instead

يجب تعطيله لان هناك نفس الميزة تعمل داخل CSF وهى تعطله

Overview
When attempting to secure your server against spam,you might consider enabling the SMTP Restrictions (https://documentation.cpanel.net/display/80Docs/SMTP+Restrictions) option in WHM or if you have the third-party ConfigServer Security & Firewall (https://configserver.com/cp/csf.html) (CSF) plugin, the SMTP_BLOCK feature. This article is designed to explain how these two services affect the server. Both options are used to prevent outgoing requests over the common mail ports, but there are some differences to be aware of.

Important Notice: If CSF is installed on the server, it is strongly recommended to use its SMTP_BLOCK feature instead of the SMTP Restrictions option within WHM. CSF can remove rules that are not explicitly defined in its own configuration files. As such, rules added via the SMTP Restrictions could be lost when CSF restarts or reloads the rules. In some cases, this could cause problems with all outbound mail.

SMTP Restrictions (within WHM)
The SMTP Restrictions feature is controlled through Web Host Manager. When this feature is enabled, only the root user, Mail Agent, and Mailman services are allowed to make outgoing connections over ports 25, 465, and 587. If any other user attempts the connection, it is looped back to the server.

when connecting as the user, this ends up connecting right back to the main server. This forces users to send any outgoing messages through the server.

This service is either enabled or disabled server wide and would affect all users on the server. You can manage this service either via the "SMTP Restrictions" option in WHM (Home >> Security Center >> SMTP Restrictions) or through "Tweak Settings" (Home >> Server Configuration >> Tweak Settings) on the "Mail" tab.

SMTP_BLOCK (within CSF)
This is a feature that can be enabled in CSF when it is installed that is very similar to the SMTP Restrictions for WHM. This feature adds its own rules for which users can create outgoing connections over ports 25, 465, and 587.
Whereas SMTP Restrictions redirects the connection to back to the server, the SMTP_BLOCK feature will reject the connections by default.
It is important to note that even if the SMTP Restrictions are disabled, this setting can still prevent users from making connections to external mail services if it is enabled.

The SMTP_BLOCK function has its own additional configuration options that can be modified through the csf.conf file (which is usually located at /etc/csf/csf.conf). For example, using the “SMTP_ALLOWUSER” or “SMTP_ALLOWGROUP” variables, you can define the users and groups that are allowed to bypass this restriction. This allows you to exclude certain users from this protection that may need to send through an external server. The “SMTP_PORTS” variable allows you to specify the mail ports you want to limit. This is useful if you are using a smarthost over an alternate port and want to limit access to that service as well. You can also redirect the connections instead of rejecting them by enabling the "SMTP_REDIRECT" option.

Summary
While very similar in function, you can see that there are some differences between the two services that could be a little confusing if you are not aware of them. Primarily, the SMTP Restrictions will redirect the request over the mail ports, while the SMTP_BLOCK feature will block the request entirely.

If you want to disable this kind of protection entirely, you would need to ensure that both the SMTP_BLOCK and SMTP Restrictions features were disabled.

المرجع:
https://forums.cpanel.net/resources/smtp-restrictions-whm-versus-smtp_block-csf.603/