
In my csf.deny, I have 0.0.0.0/0 blocked to prevent requests being sent to the raw server IP. This creates issues with sending e-mails. I utilize Google SMTP to send e-mail. I can't seem to figure out how to whitelist Gmail's SMTP while blocking 0.0.0.0/0. My Gmail SMTP settings are correct, and send e-mail properly when I don't have 0.0.0.0/0 blocked.

I've tried a variety of things to try to allow Gmail's SMTP through, including:

  • Only blocking incoming requests to all ports from 0.0.0.0/0 with no rules on outgoing requests
  • Performing nslookup smtp.gmail.com, and whitelisting those IPs
  • Whitelisting smtp.gmail.com in csf.dyndns

No matter what I try, if 0.0.0.0/0 is in csf.deny, e-mail will not be sent. Any suggestions?

anxiety
  • Maybe you want to share a little more context/configuration and the direction of connections; it's unclear why you would employ *IPv4* firewall rules to configure your *SMTP-level* policies. Which probably encompass SMTP traffic in both IPv4 & IPv6 anyway. Who initializes the connection? What criteria do you *actually* want to base your decisions on, as it sounds like IP addresses were merely an attempt to match something else? – anx Jan 09 '23 at 23:46

1 Answer


Whitelist smtp.gmail.com in csf.dyndns, and in csf.conf verify you have DYNDNS = "300" and DYNDNS_IGNORE = "1".

  • DYNDNS is the number of seconds for CSF to poll for a change in the IP address of your specific FQDN (smtp.gmail.com).
  • DYNDNS_IGNORE will ignore csf.dyndns IP addresses from lfd blocking.
carson
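
A way to check that the three settings named in the answer above are actually in effect, as an added example that is not part of the original answer or of CSF itself. The function names are hypothetical, the sample files are constructed, and the script assumes plain one-FQDN-per-line entries in csf.dyndns with `#` starting a comment.

```shell
#!/bin/sh
# Added example (not CSF's own tooling): audit the settings the answer names.

# Print the quoted value of KEY from a csf.conf-style file (KEY = "value").
csf_conf_value() {  # $1 = conf file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if HOST sits on its own line in a csf.dyndns-style file.
# Assumption: plain one-FQDN-per-line entries; '#' starts a comment.
dyndns_lists_host() {  # $1 = dyndns file, $2 = host
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -Fxqi -- "$2"
}

# Print each problem found; return non-zero if there is any.
check_csf_dyndns() {  # $1 = csf.conf, $2 = csf.dyndns, $3 = host
    rc=0
    interval=$(csf_conf_value "$1" DYNDNS)
    ignore=$(csf_conf_value "$1" DYNDNS_IGNORE)
    case "$interval" in
        ''|*[!0-9]*) echo "DYNDNS is missing or not numeric"; rc=1 ;;
        0) echo "DYNDNS is 0, so csf.dyndns is never resolved"; rc=1 ;;
    esac
    [ "$ignore" = "1" ] || { echo "DYNDNS_IGNORE is not 1"; rc=1; }
    dyndns_lists_host "$2" "$3" || { echo "$3 is not listed in $2"; rc=1; }
    return "$rc"
}

# Constructed sample files: polling left at 0 and the host commented out.
demo() {
    d=$(mktemp -d) || return 1
    printf 'DYNDNS = "0"\nDYNDNS_IGNORE = "1"\n' > "$d/csf.conf"
    printf '# smtp.gmail.com\n' > "$d/csf.dyndns"
    check_csf_dyndns "$d/csf.conf" "$d/csf.dyndns" smtp.gmail.com
    status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "sample configuration needs fixing"
```

On a server, call `check_csf_dyndns /etc/csf/csf.conf /etc/csf/csf.dyndns smtp.gmail.com` instead of `demo`.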