Controlling outgoing SMTP traffic is a crucial step in securing your Linux server and preventing unauthorized email activity, such as spam or abuse. By blocking all outgoing SMTP connections and allowing only approved users or services to send mail, you can reduce the risk of your server being blacklisted and maintain better control over email delivery. This guide will show you how to implement this restriction using CSF (ConfigServer Security & Firewall) or similar firewall tools.
1. Edit the CSF configuration file:
$ sudo nano /etc/csf/csf.conf
Find the line:
SMTP_BLOCK = "0"
Change it to:
SMTP_BLOCK = "1"
This blocks all users (except approved ones) from sending outbound mail via SMTP (ports 25, 465, and 587).
2. Allow Only Trusted Mail-Sending Users
Still in /etc/csf/csf.conf, find the line:
SMTP_ALLOWUSER =
Specify only the users or services that are allowed to send mail.
For example:
SMTP_ALLOWUSER = "postfix"
If you're using Exim, Sendmail, or any specific script user, add them too:
SMTP_ALLOWUSER = "postfix,www-data,mailer"
3. Optional: Allow Specific Groups
You can also allow a group of users with:
SMTP_ALLOWGROUP = "mailusers"
Make sure to create the group and add the necessary users.
4. Save and Restart CSF
After editing, save and exit (Ctrl + O, Enter, Ctrl + X) and restart CSF:
$ sudo csf -r
5. Use CSF with LF_SCRIPT_LIMIT
Set alerts on suspicious scripts sending too much mail.
Edit /etc/csf/csf.conf:
LF_SCRIPT_LIMIT = "50"
LF_SCRIPT_ALERT = "1"
This will alert if a script sends more than 50 emails in a short period.
6. Verify
Try to send an email using a blocked user account or script — it should fail with a connection error to SMTP.
You can check CSF logs via:
$ sudo tail -f /var/log/lfd.log
Or test with:
$ telnet smtp.yourmailhost.com 25
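As a complement to the manual checks above, the following script audits the settings from steps 1 to 3: it confirms SMTP_BLOCK is "1" and that every name in SMTP_ALLOWUSER and SMTP_ALLOWGROUP actually exists on the host. It is an added example, not part of CSF; the function names (csf_get, check_names, audit_smtp) are hypothetical, the sample config is constructed, and it assumes each key appears once in the KEY = "value" form shown in this guide.

```shell
#!/bin/sh
# Added example (not part of CSF): audit the SMTP settings this guide changes.
# Assumes each key appears once, as KEY = "value", on its own line.

# csf_get FILE KEY: print the quoted value of an uncommented KEY line.
csf_get() {
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# check_names KIND LIST: report each comma-separated name; return 1 if any is unknown.
check_names() {
    bad=0
    old_ifs=$IFS; IFS=,
    for name in $(printf '%s' "$2" | tr -d '[:space:]'); do
        case $1 in
            user)  id -u "$name" >/dev/null 2>&1 ;;
            group) grep -q "^$name:" /etc/group 2>/dev/null ;;   # local groups only
        esac && echo "OK   $1 $name exists" || { echo "FAIL $1 $name does not exist"; bad=1; }
    done
    IFS=$old_ifs
    return $bad
}

# audit_smtp FILE: print findings; return 0 only if every check passes.
audit_smtp() {
    rc=0
    if [ "$(csf_get "$1" SMTP_BLOCK)" = "1" ]; then
        echo "OK   SMTP_BLOCK is enabled"
    else
        echo "FAIL SMTP_BLOCK is not \"1\""; rc=1
    fi
    check_names user  "$(csf_get "$1" SMTP_ALLOWUSER)"  || rc=1
    check_names group "$(csf_get "$1" SMTP_ALLOWGROUP)" || rc=1
    return $rc
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SMTP_BLOCK = "0"
SMTP_BLOCK = "1"
SMTP_ALLOWUSER = "postfix,www-data,mailer"
SMTP_ALLOWGROUP = "mailusers"
EOF
audit_smtp "$sample" || echo "Review the FAIL lines above"
rm -f "$sample"
```

On a real server, replace the sample file with /etc/csf/csf.conf and run the audit before restarting CSF.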
