Solve CSF Firewall issue with port blocking

gmail_smtp_settingsDays ago when moving one of production web system to a new node, we accidentally faced a problem of sending email using Gmail SMTP server. After some debugging the problem, I found that there is a problem on port blocking with IP v6. So I post here an article to guide how to solve CSF Firewall issue with port blocking.

  • First, if the application cannot sending email using Google SMTP server (smtp.gmail.com with port 465 – SSL or 587 – TLS), check if the configuration information is correct.
  • Then, if you are using free google apps, check if you already exceeded 99 out-sending email per day for that day. Please be noted that this restriction is applied for free Goolge apps account and will be reset after 24 hours.
  • In case the debugging information show that connection is timed out, check on the website that we can access gmail.com and smtp.gmail.com.
  • Then, try connecting to the target address via telnet ([bash]telnet smtp.gmail.com 465[/bash]

    or

    [bash]telnet smtp.gmail.com 465[/bash]

    ).

  • If telnet give connection timeout error, check if we already open port in CSF (check in/etc/csf/csf.conf). Major note is here ūüėČ
    • Be sure port is opened on¬†TCP_OUT.
    • However, some new server infrastructure utilizes IPv6, so, be sure to check¬†TCP6_OUT also.
  • Restart CSF firewall to see its affect:[bash]csf -r[/bash]

Discussion

  1. Anky

Leave a Reply