Results 1 to 12 of 12

Thread: smtp auth only

  1. #1
    Join Date
    Jun 2016
    Location
    Istanbul, TR
    Posts
    102

    smtp auth only

    Hello,
    I need to configure smtp only auth user.
    Want to block user simply use: echo mail ("somecone@domian.com" ,"Test Auth" , "Has send!",$headers);
    I have disabled mail() func. both php version running php.ini but only this enough for security I don't know.

    How to configure server only relay and userAuth
    Regards.
    Last edited by develop; 03-12-2018 at 04:32 AM.

  2. #2
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,261
    Are you using Custombuild 2.0?
    In that case I suggest disabling da-popb4smtp too if you've not done so already and use a new spamblocker exim.conf file.
    https://help.directadmin.com/item.php?id=467

    Next to that, you could use csf/lfd firewall and set:
    SMTP_BLOCK = "1" (which only allows outgoing mail from root, exim and mailman)
    SMTP_ALLOWLOCAL = "0" (which also blocks all mails originated by scripts)
    SMTP_PORTS = "25,465,587" (read doc so you don't forget any ports)

    Don't forget to restart csf/lfd afterwards.
    Greetings, Richard.

  3. #3
    Join Date
    Jun 2016
    Location
    Istanbul, TR
    Posts
    102
    Hello Richard,

    https://help.directadmin.com/item.php?id=467 all steps has been done.

    After SMTP_BLOCK = "1" if I set SMTP_PORTS = "25,465,587" with "465" accounts cant send any mail over smtp auth via yandex, gmail etc.
    if set it SMTP_PORTS = "25,587" like this working.
    And if I set SMTP_ALLOWLOCAL = "0" roundcube has an error connection (-1)

    https://help.directadmin.com/item.php?id=461 after this steps roundcube has run again.

    How to fix it that all getting complicated?

    I want SMTP_BLOCK = "1" & SMTP_PORTS = "25,465,587" & connect smtp.yandex.net port 465 and other email providers... & SMTP_ALLOWLOCAL = "0" without roundcube error

    Regards
    Last edited by develop; 03-13-2018 at 03:22 AM.

  4. #4
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,261
    Hello Develop.

    You need SMTP_ALLOWLOCAL=1 for Webmail indeed.

    I guess in the case what you want to be able to do, your initial setup was correct. Disable php mail, using the new Spamblocker exim.conf files. I don't think a lot more can be done.
    However I'm not familiar with the other smtp options in csf/lfd.

    Maybe somebody else has some other improvement tips for you.
    Greetings, Richard.

  5. #5
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    11,871
    Hello,

    You need SMTP_ALLOWLOCAL=1 for Webmail indeed.
    Check this https://help.poralix.com/articles/ro...-server-failed for another possible solution.

  6. #6
    Join Date
    Jun 2016
    Location
    Istanbul, TR
    Posts
    102
    Hello zEitEr,

    Thank you for solution.

    - Great solution work like a charm. SMTP_ALLOWLOCAL = 0 work with roundcube and rainloop.

    SMTP_BLOCK = "0"
    SMTP_ALLOWLOCAL = "0"
    SMTP_REDIRECT = "0"
    SMTP_PORTS = "25,465,587"
    SMTP_ALLOWUSER = "webapps"
    SMTP_ALLOWGROUP = "mail,mailman"

    Smtp_block still problem.

    SMTP_BLOCK = 1 Tested! For yandex user = >On SSL 465 > Message could not be sent. Mailer Error: SMTP connect() failed. https://github.com/PHPMailer/PHPMail...roubleshooting

    csf.conf

    Allow incoming TCP ports
    TCP_IN =
    20,21,22,25,53,80,110,143,443,465,587,993,995,2222

    Allow outgoing TCP ports
    TCP_OUT =
    20,21,22,25,53,80,110,113,443,465,587,993,995,2222

    Allow incoming UDP ports
    UDP_IN =
    20,21,53

    Allow outgoing UDP ports
    To allow outgoing traceroute add 33434:33523 to this list
    UDP_OUT =
    20,21,53,113,123
    Last edited by develop; 03-16-2018 at 03:41 AM.

  7. #7
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    11,871
    You can add trusted users into SMTP_ALLOWUSER, for example:

    Code:
    SMTP_ALLOWUSER = "webapps,userbob,usermark"
    userbob and usermark are faked names of users. You should specify real ones.


  8. #8
    Join Date
    Jun 2016
    Location
    Istanbul, TR
    Posts
    102
    Ok, I understand. Thanks a lot for help.

    it's not possible be able to user allow only in httpdocs phpmailer script use relay for sent mail?
    exmp: different server login, yandex, gamil etc.

    Regards.
    Last edited by develop; 03-16-2018 at 06:36 AM.

  9. #9
    Join Date
    Jun 2016
    Location
    Istanbul, TR
    Posts
    102
    SMTP_BLOCK = "1"
    SMTP_ALLOWLOCAL = "0"
    SMTP_REDIRECT = "1"
    SMTP_PORTS = "25,465,587"
    SMTP_ALLOWUSER = "webapps"
    SMTP_ALLOWGROUP = "mail,mailman"

    I set it SMTP_BLOCK = "1" & SMTP_REDIRECT = "1"

    And phpmailer works now for local smtp auth! Not for gmail or yandex etc. There is any security problem?

  10. #10
    Join Date
    Jun 2016
    Location
    Istanbul, TR
    Posts
    102
    Is it possible to connect over 465 ssl for gmail, yandex relay users?

    Different than this: SMTP_ALLOWUSER = "webapps,userbob,usermark"

  11. #11
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    11,871
    You could probably add those numerous IPs into allow list in csf.allow with a limit to connect to 465 outgoing.

  12. #12
    Join Date
    Jun 2016
    Location
    Istanbul, TR
    Posts
    102
    Thank you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •