SMTP Restrictions (formerly SMTP Tweak)

Hello,

Recently cPanel has added a feature called SMTP Restrictions:

"You may want to prevent users from bypassing your mail server to send mail. This is common practice for spammers.

This feature allows you to configure your server so that the mail transport agent (MTA), Mailman mailing list software, and root user are the only accounts able to connect to remote SMTP servers."

Please add this good feature to Virtualmin too.

Thanks

Status: Active

Comments

Sounds very interesting! Do you know how cPanel implements this?

Submitted by Mostafa on Thu, 04/10/2014 - 13:51

I found that csf has that feature, called SMTP_BLOCK:

###############################################################################
# SECTION:SMTP Settings
###############################################################################
# Block outgoing SMTP except for root, exim and mailman (forces scripts/users
# to use the exim/sendmail binary instead of sockets access). This replaces the
# protection as WHM > Tweak Settings > SMTP Tweaks
#
# This option uses the iptables ipt_owner/xt_owner module and must be loaded
# for it to work. It may not be available on some VPS platforms
#
# Note: Run /etc/csf/csftest.pl to check whether this option will function on
# this server
SMTP_BLOCK = "1"
 
# If SMTP_BLOCK is enabled but you want to allow local connections to port 25
# on the server (e.g. for webmail or web scripts) then enable this option to
# allow outgoing SMTP connections to the loopback device
SMTP_ALLOWLOCAL = "0"
 
# This is a comma separated list of the ports to block. You should list all
# ports that exim is configured to listen on
SMTP_PORTS = "25,465,587"
 
# Always allow the following comma separated users and groups to bypass
# SMTP_BLOCK
#
# Note: root (UID:0) is always allowed
SMTP_ALLOWUSER = ""
SMTP_ALLOWGROUP = "mail,mailman"

OK, so do they set up a firewall rule to block outgoing port 25 connections?

You could do this in Virtualmin already, at Webmin -> Network -> Linux Firewall.

Hmm, that's an interesting feature....

Submitted by Mostafa on Fri, 04/11/2014 - 06:05

If you don't want to install csf, you can use the 'iptables ipt_owner/xt_owner module'. Using this feature alongside the mail limit feature and the mail.log feature of PHP 5.3, you can deal with spam more easily...
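
An added example, not part of the original thread and not csf's or cPanel's own code: a sketch of owner-match iptables rules that approximate the SMTP_BLOCK settings quoted above. The variable values mirror the quoted csf configuration; the chain name SMTPOUT, the log prefix and the "apply" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: emit iptables rules restricting outbound SMTP by socket owner.
# Settings mirror the csf options quoted in this thread.
SMTP_PORTS="25,465,587"
SMTP_ALLOWUSER=""               # extra users, comma separated (root always allowed)
SMTP_ALLOWGROUP="mail,mailman"
SMTP_ALLOWLOCAL="0"             # 1 = allow SMTP over the loopback device
CHAIN="SMTPOUT"                 # hypothetical chain name

smtp_block_rules() {
    echo "iptables -N $CHAIN"
    # Only locally generated TCP traffic to the SMTP ports enters the chain;
    # the owner match works only on packets created by local sockets (OUTPUT).
    echo "iptables -A OUTPUT -p tcp -m multiport --dports $SMTP_PORTS -j $CHAIN"
    if [ "$SMTP_ALLOWLOCAL" = "1" ]; then
        echo "iptables -A $CHAIN -o lo -j RETURN"
    fi
    # root (UID 0) is always exempt, as in the quoted csf note.
    echo "iptables -A $CHAIN -m owner --uid-owner 0 -j RETURN"
    for u in $(echo "$SMTP_ALLOWUSER" | tr ',' ' '); do
        echo "iptables -A $CHAIN -m owner --uid-owner $u -j RETURN"
    done
    # --gid-owner matches the group of the process that created the socket.
    for g in $(echo "$SMTP_ALLOWGROUP" | tr ',' ' '); do
        echo "iptables -A $CHAIN -m owner --gid-owner $g -j RETURN"
    done
    # Everything else is a script or user opening its own SMTP socket:
    # log it with the originating UID, then reject it.
    echo "iptables -A $CHAIN -j LOG --log-prefix 'SMTP_BLOCK: ' --log-uid"
    echo "iptables -A $CHAIN -p tcp -j REJECT --reject-with tcp-reset"
}

# Dry run by default: print the rules for review.
# Pass "apply" as the first argument (as root) to execute them.
if [ "${1:-}" = "apply" ]; then
    smtp_block_rules | sh -e
else
    smtp_block_rules
fi
```

These rules cover IPv4 only; outbound IPv6 needs the same rules through ip6tables. The logged UID in the kernel log identifies which account attempted the direct connection.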