SMTP_Block & Cpanel Updates

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
rootdet
Junior Member
Posts: 4
Joined: 17 Apr 2007, 19:09

Post by rootdet »

Whenever I have the security settings set to MED or High, I cannot update cPanel, but I can when I set it to low. Why?

SMTP_BLOCK also doesn't work; if I set it to med or high I need to go in and disable this because I get an iptables error.

Any ideas on how to fix this?
rootdet
Junior Member
Posts: 4
Joined: 17 Apr 2007, 19:09

Post by rootdet »

Here is the error stuff when I restart:

Restarting csf...


Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `INVDROP'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `acctboth'
Deleting chain `INVDROP'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `acctboth'
Restarting bandmin acctboth chains for cPanel
ACCEPT all opt -- in lo out * 0.0.0.0/0 -> 0.0.0.0/0
ACCEPT all opt -- in * out lo 0.0.0.0/0 -> 0.0.0.0/0
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:67
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:67
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:68
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:68
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:111
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:111
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:113
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:113
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpts:135:139
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpts:135:139
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:445
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:445
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:513
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:513
DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:520
DROP udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp dpt:520
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
INVDROP all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
INVDROP all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 state INVALID
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x00
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x3F/0x3F
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x03/0x03
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x06/0x06
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x05/0x05
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x11/0x01
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x18/0x08
INVDROP tcp opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x30/0x20
DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0
DSHIELD all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
rootdet
Junior Member
Posts: 4
Joined: 17 Apr 2007, 19:09

Post by rootdet »

continued

SPAMHAUS all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable
iptables: No chain/target/match by that name
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 OWNER UID match 0
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `DSHIELD'
Flushing chain `INVDROP'
Flushing chain `LOGDROPIN'
Flushing chain `LOGDROPOUT'
Flushing chain `SPAMHAUS'
Flushing chain `acctboth'
Deleting chain `DSHIELD'
Deleting chain `INVDROP'
Deleting chain `LOGDROPIN'
Deleting chain `LOGDROPOUT'
Deleting chain `SPAMHAUS'
Deleting chain `acctboth'
Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 537

...Done.
Restarting lfd...
Stopping lfd:[ OK ]
[ OK ]
Starting lfd:[ OK ]

...Done.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

Are you running on a VPS? If so, then Virtuozzo don't support the standard iptables module ipt_owner, so you cannot use the SMTP_BLOCK option and should disable it. If you're not on a VPS, are you running a custom kernel?
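
The diagnosis above can be read straight from the restart output: csf prints the exact iptables command that failed, and the `-m` argument in it names the match module the kernel could not provide. The shell script below is an added example, not part of the thread or of csf; the function names are hypothetical and the sample input is excerpted from the restart output posted earlier.

```shell
#!/bin/sh
# Added example: find which iptables match module made a csf restart fail.

# Read csf restart output on stdin and print the "-m <module>" names used by
# every command csf reported as failed, one per line, de-duplicated.
failed_match_modules() {
    sed -n 's/^Error: iptables command \[\(.*\)] failed.*/\1/p' |
    awk '{ for (i = 1; i < NF; i++) if ($i == "-m" || $i == "--match") print $(i + 1) }' |
    sort -u
}

# Exit 0 when a failed command used the owner match, which is the match the
# SMTP_BLOCK rule in the posted output depends on.
smtp_block_unsupported() {
    failed_match_modules | grep -qx 'owner'
}

# Sample input: the relevant lines excerpted from the output in this thread.
sample_restart_output() {
    cat <<'EOF'
REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable
iptables: No chain/target/match by that name
ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25 OWNER UID match 0
Error: iptables command [/sbin/iptables -v -I OUTPUT -p tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT] failed, at line 537
EOF
}

if sample_restart_output | smtp_block_unsupported; then
    echo "owner match unavailable: disable SMTP_BLOCK on this host"
fi
```

To check a real host, pipe the saved restart output into `smtp_block_unsupported` instead of the sample.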
Meeven
Junior Member
Posts: 24
Joined: 16 Feb 2007, 12:27

Post by Meeven »

chirpy wrote: Are you running on a VPS? If so, then Virtuozzo don't support the standard iptables module ipt_owner, so you cannot use the SMTP_BLOCK option and should disable it.
Will it be a good idea then to make use of WHM's SMTP_BLOCK and SMTP_ALLOWLOCAL settings at Tweak Security instead of the CSF config? I am on a VPS.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

There's no point in enabling the setting in WHM as it will simply silently fail and not work as it uses the same iptables rules as csf does.
MACscr
Junior Member
Posts: 46
Joined: 12 Jan 2007, 20:43

Post by MACscr »

Please remove, wrong forum.