Results 1 to 6 of 6
  1. #1
    Join Date
    Jan 2003
    Location
    Valencia, CA
    Posts
    65

    Need help with APF blocking issue

    Hi. We've recently hit a snag with APF that we can't figure out and hope you may be able to offer some guidance.

    There have been a few instances where a client has been unable to send email. When we checked, they could not connect to port 25 or 587, but they were NOT in the APF deny_hosts file. They were able to connect to websites on the server, just not to the SMTP port. Telenet was not able to connect either.

    As soon as we turned off APF they were able once again to connect to the SMTP port. We do have both ports open in conf.apf, and there are over 50 other clients on this particular server who can access SMTP without any problem.

    We turned on extended logging and can see in the apf_drops log that their IP is being blocked, but it doesn't seem to tell us WHY it is being blocked.

    Is there a way to see exactly what rule or rules are causing the block? Is there anything else we need to do to prevent this problem in the future? Any and all guidance is sincerely appreciated!
    John
    Business & eCommerce Web Hosting, Site Development & Marketing eSolutions
    eSolutions.net

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    There is an option in APF called "SYSCTL_SYNCOOKIES". If this is enabled it tries to block the syn-flooding and this may affect the tcp services temporarily.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3
    Join Date
    Oct 2009
    Posts
    58
    I recommend replacing your apf with csf.
    Windows/Linux Expert; Plesk/Cpanel/Ensim Guru.
    ..and an expert spam tracker.

  4. #4
    Join Date
    Jan 2003
    Location
    Valencia, CA
    Posts
    65
    Thanks for the quick replies. We've been happy overall with APF, although we have seen lots or recommendations for CSF.

    The syn cookies option WAS enabled, but when we turned it off and restarted APF the IP was still blocked. When we turned off APF the connection came back up.

    There's gotta be someplace where APF logs what rules are being used to deny an IP. We can see the IP in apf_drops, but that log doesn't seem to show which rule is being applied. Does anyone know if/where this type of info is stored?

    Thanks.
    John
    Business & eCommerce Web Hosting, Site Development & Marketing eSolutions
    eSolutions.net

  5. #5
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    You have BFD installed? Can you please paste sample APF logs here?
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  6. #6
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    From past experience, I've found that 99.9% of the time when a client cannot connect to port 25 it is because it is blocked by their ISP. Because of this I allow clients to also use port 26 for SMTP which resolves the issue.

    Nevermind, I must have missed the line where you are actually seeing it blocked in the log. Ignore this post.
    Last edited by ZKuJoe; 11-13-2009 at 05:20 AM. Reason: Re-read the first post.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

Similar Threads

  1. APF Blocking me and other.... no logs ?
    By excessnet in forum Hosting Security and Technology
    Replies: 6
    Last Post: 09-08-2006, 07:47 PM
  2. APF - Blocking all traffic
    By desertking in forum Hosting Security and Technology
    Replies: 5
    Last Post: 11-14-2005, 12:00 PM
  3. apf blocking port issue
    By dropby23 in forum Hosting Security and Technology
    Replies: 2
    Last Post: 08-11-2005, 07:52 AM
  4. Blocking IP's from APF
    By DediFast in forum Hosting Security and Technology
    Replies: 2
    Last Post: 07-09-2004, 08:32 AM
  5. APF not BLocking Telnet?
    By MBC in forum Hosting Security and Technology
    Replies: 11
    Last Post: 01-25-2004, 12:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •