Archive for October, 2010

SBDavid
Oct 3rd, 2010

csf SMTP_BLOCK option

csf SMTP_BLOCK option

This option will help prevent the most common form of spam abuse on a server that bypasses exim and sends spam directly out through port 25. Enabling this option will prevent any web script from sending out using socket connection, such scripts should use the exim or sendmail binary instead

Block outgoing SMTP except for root, exim and mailman (forces scripts/users to use the exim/sendmail binary instead of sockets access).

This replaces the protection as WHM > Tweak Settings > SMTP Tweaks

This option uses the iptables ipt_owner module and must be loaded for it to work. It may not be available on some VPS platforms

Note: Run /etc/csf/csftest.pl to check whether this option will function on this server

SMTP_BLOCK = “0″

If SMTP_BLOCK is enabled but you want to allow local connections to port 25 on the server (e.g. for webmail or web scripts) then enable this option to allow outgoing SMTP connections to the loopback device

SMTP_ALLOWLOCAL = “1″
SBDavid
Oct 1st, 2010

How to check if csf will work on your server

How to check if csf will work on your server

One you have downloaded CSF firewall and installed it, you can run the below command to check the status and the results.

# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing ipt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK

RESULT: csf should function on this server

« Prev