Results 1 to 6 of 6
-
11-12-2009, 02:55 PM #1Junior Guru Wannabe
- Join Date
- Jan 2003
- Location
- Valencia, CA
- Posts
- 65
Need help with APF blocking issue
Hi. We've recently hit a snag with APF that we can't figure out and hope you may be able to offer some guidance.
There have been a few instances where a client has been unable to send email. When we checked, they could not connect to port 25 or 587, but they were NOT in the APF deny_hosts file. They were able to connect to websites on the server, just not to the SMTP port. Telenet was not able to connect either.
As soon as we turned off APF they were able once again to connect to the SMTP port. We do have both ports open in conf.apf, and there are over 50 other clients on this particular server who can access SMTP without any problem.
We turned on extended logging and can see in the apf_drops log that their IP is being blocked, but it doesn't seem to tell us WHY it is being blocked.
Is there a way to see exactly what rule or rules are causing the block? Is there anything else we need to do to prevent this problem in the future? Any and all guidance is sincerely appreciated!
-
11-12-2009, 03:30 PM #2Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
There is an option in APF called "SYSCTL_SYNCOOKIES". If this is enabled it tries to block the syn-flooding and this may affect the tcp services temporarily.
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
11-12-2009, 05:22 PM #3Junior Guru Wannabe
- Join Date
- Oct 2009
- Posts
- 58
I recommend replacing your apf with csf.
Windows/Linux Expert; Plesk/Cpanel/Ensim Guru.
..and an expert spam tracker.
-
11-12-2009, 06:56 PM #4Junior Guru Wannabe
- Join Date
- Jan 2003
- Location
- Valencia, CA
- Posts
- 65
Thanks for the quick replies. We've been happy overall with APF, although we have seen lots or recommendations for CSF.
The syn cookies option WAS enabled, but when we turned it off and restarted APF the IP was still blocked. When we turned off APF the connection came back up.
There's gotta be someplace where APF logs what rules are being used to deny an IP. We can see the IP in apf_drops, but that log doesn't seem to show which rule is being applied. Does anyone know if/where this type of info is stored?
Thanks.
-
11-13-2009, 05:12 AM #5Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
You have BFD installed? Can you please paste sample APF logs here?
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
11-13-2009, 05:19 AM #6Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
From past experience, I've found that 99.9% of the time when a client cannot connect to port 25 it is because it is blocked by their ISP. Because of this I allow clients to also use port 26 for SMTP which resolves the issue.
Nevermind, I must have missed the line where you are actually seeing it blocked in the log. Ignore this post.Last edited by ZKuJoe; 11-13-2009 at 05:20 AM. Reason: Re-read the first post.
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas
Similar Threads
-
APF Blocking me and other.... no logs ?
By excessnet in forum Hosting Security and TechnologyReplies: 6Last Post: 09-08-2006, 07:47 PM -
APF - Blocking all traffic
By desertking in forum Hosting Security and TechnologyReplies: 5Last Post: 11-14-2005, 12:00 PM -
apf blocking port issue
By dropby23 in forum Hosting Security and TechnologyReplies: 2Last Post: 08-11-2005, 07:52 AM -
Blocking IP's from APF
By DediFast in forum Hosting Security and TechnologyReplies: 2Last Post: 07-09-2004, 08:32 AM -
APF not BLocking Telnet?
By MBC in forum Hosting Security and TechnologyReplies: 11Last Post: 01-25-2004, 12:24 PM