TCP_OUT block port but still works.

mikussikus (Verified User, joined Dec 21, 2022, 25 messages)
Hi,
Can someone explain to me why port 465 works on my server? I haven't set this port in TCP_OUT or TCP6_OUT. When I use the command below, it works. In ConfigServer Security & Firewall I found these parameters:
SMTP_BLOCK = ON
SMTP_ALLOWLOCAL = ON
SMTP_PORTS = 25,465,587

openssl s_client -connect smtp.gmail.com:465
 
Hello,

Did you try it as the superuser root, or as a regular user? If the former, then it is regulated by:

Bash:
tcp|out|u=0 # Added by DirectAdmin
udp|out|u=0 # Added by DirectAdmin

in /etc/csf/csf.allow
 
Additionally, the following.
I'm not 100% sure if this makes any difference, but you have:
SMTP_BLOCK = ON
SMTP_ALLOWLOCAL = ON
but by default this was done with 0 and 1.

So if the users can pass, maybe you can try this instead:
Code:
SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
It's also like this in the original default csf.conf file, so maybe it makes a difference.
 
and can say any non-zero value is treated as TRUE, i.e. 1.
Ah great. I already stated I wasn't sure about it. But it's good to be sure; thanks for testing, and at least now we're sure it won't make a difference whether you put ON or "1". Then I can remember that for next time.

But now I'm confused. Isn't SMTP_ALLOWLOCAL = ON allowing the traffic anyway? Because clients connect with their mail program to the server, that is incoming port 465, not outgoing. And then Exim sends them out via port 25 to another server.
Because port 25 is also in there, as is port 587, and those aren't blocked either, right?

So maybe you have to remove port 465 from the SMTP_PORTS list or remove 465 from exim to block it incoming.

Edit: I just read somewhere that removing port 465 from SMTP_PORTS and not having port 465 in TCP_IN and TCP_OUT should block incoming 465 traffic.
 
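To make the root-versus-user explanation from the second reply and the incoming-versus-outgoing question in the last reply concrete: SMTP_BLOCK governs connections the server makes out to other hosts on SMTP_PORTS, not what mail clients send in, and the `tcp|out|u=0` line in csf.allow exempts uid 0 from all outbound filtering, which is why an `openssl s_client` run as root reaches smtp.gmail.com:465 even though 465 is not in TCP_OUT. The script below is an added example, not code from the thread or from csf/DirectAdmin; it models that outbound decision with the settings quoted above. The TCP_OUT list, the uid 1001 and the address 203.0.113.10 are constructed for the example, and real csf also honours SMTP_ALLOWUSER and SMTP_ALLOWGROUP, which the model leaves out.

```shell
#!/bin/sh
# Added example, not csf's own code: a simplified model of how csf decides
# whether an OUTBOUND TCP connection from a given uid to a given port gets
# through, using only the settings quoted in this thread plus the two
# csf.allow lines.  Real csf builds iptables chains and also honours
# SMTP_ALLOWUSER / SMTP_ALLOWGROUP, which this model leaves out.

# csf.conf values from the thread.  TCP_OUT is an assumption: a typical
# default list that, like the poster's, does not contain 465.
TCP_OUT="20,21,22,25,53,80,110,113,443,587,993,995"
SMTP_BLOCK="ON"
SMTP_ALLOWLOCAL="ON"
SMTP_PORTS="25,465,587"

# csf.allow content as quoted in the thread (added by DirectAdmin).
CSF_ALLOW="tcp|out|u=0 # Added by DirectAdmin
udp|out|u=0 # Added by DirectAdmin"

# csf is Perl and tests these values for truth: "0" and "" are false,
# anything else ("1", "ON", ...) is true, which is why ON and "1" behave
# the same.  Assumption drawn from that rule: a value such as "OFF" would
# also count as true, so disable an option with 0, not OFF.
is_on() {
    case "$1" in
        0|"") return 1 ;;
        *)    return 0 ;;
    esac
}

# in_list PORT "25,465,587": true if PORT is one of the comma-separated ports.
in_list() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# allow_uid_out UID: true if csf.allow carries a "tcp|out|u=UID" entry.
# csf.allow entries sit ahead of the blocking rules, so a match wins
# regardless of TCP_OUT or SMTP_BLOCK.
allow_uid_out() {
    printf '%s\n' "$CSF_ALLOW" | grep -q -e "^tcp|out|u=$1\$" -e "^tcp|out|u=$1[^0-9]"
}

# is_local DEST: loopback destinations that SMTP_ALLOWLOCAL exempts.
is_local() {
    case "$1" in
        127.*|::1|localhost) return 0 ;;
        *)                   return 1 ;;
    esac
}

# csf_out_verdict UID PORT DEST -> prints ALLOW or BLOCK.
csf_out_verdict() {
    uid=$1; port=$2; dest=$3
    # 1. Per-uid csf.allow exemption (this is why root's openssl test works).
    if allow_uid_out "$uid"; then
        echo ALLOW; return 0
    fi
    # 2. SMTP_BLOCK: outbound to any SMTP_PORTS port is refused for ordinary
    #    users, even ports that TCP_OUT would otherwise allow (25, 587 here),
    #    unless the destination is local and SMTP_ALLOWLOCAL is on.
    if is_on "$SMTP_BLOCK" && in_list "$port" "$SMTP_PORTS"; then
        if is_on "$SMTP_ALLOWLOCAL" && is_local "$dest"; then
            echo ALLOW; return 0
        fi
        echo BLOCK; return 0
    fi
    # 3. Everything else falls through to the TCP_OUT whitelist.
    if in_list "$port" "$TCP_OUT"; then
        echo ALLOW
    else
        echo BLOCK
    fi
}

# Walk the cases the thread argues about.  203.0.113.10 is a documentation
# address standing in for smtp.gmail.com; uid 1001 is an ordinary user.
for case_line in "0 465 203.0.113.10" "1001 465 203.0.113.10" \
                 "1001 465 127.0.0.1" "1001 25 203.0.113.10" \
                 "1001 443 203.0.113.10" "1001 8080 203.0.113.10"; do
    set -- $case_line
    printf 'uid=%-5s port=%-5s dest=%-14s -> %s\n' "$1" "$2" "$3" \
        "$(csf_out_verdict "$1" "$2" "$3")"
done
```

To confirm the same thing on the box itself rather than in a model, repeat the poster's test as an unprivileged user (for example `su -s /bin/sh -c 'openssl s_client -connect smtp.gmail.com:465' nobody`) and compare with the root run, and list the live rules that mention the port with `iptables-save | grep -w 465`: the exemption for uid 0 and the SMTP_BLOCK rejects show up there as `-m owner --uid-owner` rules in the OUTPUT path, while anything affecting mail clients connecting in is in the INPUT path and depends on TCP_IN.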