CSF Blocking Gmail

[ashokjp]

The mails sent out from my server to gmail accounts (mainly) are getting blocked, the mail fails after around a day or 2 saying connection refused.

Initially i thought this was gmail error, seeing the mail bounce. But on investigating on the issue, i found the mails in queue

When i click deliver now, it says Connection refused to the gmail server ip 74.125.155.27

This has been happening for quiet a month now, last week what i did was i went ahead and excluded all gmail ips(as far as i could gather) from lfd as well as csf allow ips. This is the code of advanced port filtering i used

Code: Select all

#-------------------------GOOGLE BOT ---------------##############
d=80:s=72.14.193.5 # GOOGLE
tcp:in:d=80:s=216.239.32.0/19
tcp:in:d=80:s=64.233.160.0/19
tcp:in:d=80:s=72.14.192.0/18
tcp:in:d=80:s=209.85.128.0/17
tcp:in:d=80:s=66.102.0.0/20
tcp:in:d=80:s=74.125.0.0/16
tcp:in:d=80:s=66.249.64.0/19
tcp:in:d=80:s=66.249.80.0/20
tcp:in:d=80:s=64.18.0.0/20
tcp:in:d=80:s=207.126.144.0/20
tcp:in:d=80:s=173.194.0.0/16

d=25:s=72.14.193.5 # GOOGLE inbound smtp
d=25:s=216.239.32.0/19
d=25:s=64.233.160.0/19
d=25:s=72.14.192.0/18
d=25:s=209.85.128.0/17
d=25:s=66.102.0.0/20
d=25:s=74.125.0.0/16
d=25:s=66.249.64.0/19
d=25:s=66.249.80.0/20
d=25:s=64.18.0.0/20
d=25:s=207.126.144.0/20
d=25:s=173.194.0.0/16

d=25:d=72.14.193.5 # GOOGLE outbound smtp
d=25:d=216.239.32.0/19
d=25:d=64.233.160.0/19
d=25:d=72.14.192.0/18
d=25:d=209.85.128.0/17
d=25:d=66.102.0.0/20
d=25:d=74.125.0.0/16
d=25:d=66.249.64.0/19
d=25:d=66.249.80.0/20
d=25:d=64.18.0.0/20
d=25:d=207.126.144.0/20
d=25:d=173.194.0.0/16

Despite this, today again mails got blocked with same reason
I went to CSF interface, and searched for this ip, but all i got was

Code: Select all

LOCALINPUT  6        0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            74.125.0.0/16      tcp dpt:25
LOCALINPUT  18       0     0 ACCEPT     tcp  --  !lo    *       74.125.0.0/16        0.0.0.0/0           tcp dpt:25
LOCALINPUT  30       0     0 ACCEPT     tcp  --  !lo    *       74.125.0.0/16        0.0.0.0/0           tcp dpt:80

This means there is no block for that ip address.

The funniest part is when i restart CSF, the mail delivery resumes. This is not a coincidence, everytime i got this issue resolved but just restarting csf

And yes one more info, the gmail ips were "NOT" in temporary block too

[linkoficial]

I'm also experiencing this problem.
I use gmail for my whmcs, and I get the following error: "SMTP Error: Could not authenticate"
This occurs after 1 to 2 days working well. The problem is solved by restarting csf, but the problem again after 1 to 2 days. This is driving me crazy.

[jamboo]

I had the same problem,

just also add to:
TCP6_IN = 22,25,53,80,110,143,443,465,587,993,995
and TCP6_OUT = 22,25,53,80,110,113,443,587,993,995

This did the final trick for me.

I am using VTIGER CSF firewall GMAIL

[screege]

I am having the same problema with google apps and gmail on some accounts, gmail will respond to the user DNS time out, I do not have any google ips blocked and when restarting the firewall it will go well for 1 - 2 days. Can anybody advice on this?

This is an automatically generated Delivery Status Notification

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipient has been delayed:

cs@atelier.com.mx

Message will be retried for 1 more day(s)

Technical details of temporary failure:
DNS Error: Timeout while contacting DNS servers


Regards

[linkoficial]

Screege, try changing dns resolver to public google and opendns.

[screege]

I added ports 993 and 995 to ipv6, also and since I am not using ipv6 I did the following guide to diable ipv6 from exim, hope this helps anyone with this problema with gmail and google apps:

http://www.linuxspy.info/2333/disable-ipv6-in-exim/

Regards