Cantech Knowledge Base


How to Allow Outbound SMTP in CSF Firewall via WHM/cPanel?

Introduction

After CSF (ConfigServer Security & Firewall) is installed, some hosting clients may have problems sending email. The problem is particularly common among WordPress users.

This issue can be solved in WHM, where an administrator permits outbound SMTP (Simple Mail Transfer Protocol) traffic through the CSF Firewall.

Why Does CSF Block Outbound Email?

By default, the CSF Firewall implements a strict security policy to ensure that spam or malicious scripts cannot send mass email from the server.

In some cases, this high degree of protection also blocks legitimate email sending functions. For PHP-based tools and WordPress, administrators should disable the setting that imposes these outbound email restrictions so that the applications work properly.

Steps to Allow Outbound SMTP in CSF Firewall

Root access is required to adjust this security setting in your WHM panel. The following steps change the firewall configuration to allow outgoing email.

Access Your WHM Root Account

You need to log in to your WHM control panel with your complete root account credentials.

Navigate to Plugins

In the main menu, find the option called Plugins and click on it.

Open ConfigServer Security & Firewall

Within the Plugins section, click the ConfigServer Security and Firewall link. This opens the main interface for the CSF application.

Access Firewall Configuration

Within the CSF application interface, do the following:

Select Tab: Click on the csf tab.

Click the button: Find the section named csf – ConfigServer Firewall and click the Firewall Configuration button.

The complete configuration interface of the ConfigServer Firewall will then be visible.

Disable SMTP Blocking

Locate and modify the specific setting that blocks outgoing mail.

Select Section: Choose the section that is titled SMTP Settings.

Change Switch: Go to the field called SMTP_BLOCK. Click on the switch button for this field and set it to the ‘Off’ position.

Save and Apply Changes

Go to the bottom of the page to finalize the modification.

Click Change: Click the Change button to save the changes you have just made to the configuration.

Click Restart: To make sure that the firewall is using the new settings, click the Restart csf+lfd button.

This last step restarts the CSF application and applies the changes. The CSF Firewall will then no longer block outgoing SMTP traffic for your WHM/cPanel server.
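To confirm from a shell that the saved configuration matches what was set in WHM, the following added example (not part of the original article or of CSF itself) parses a csf.conf-style file and reports the SMTP settings. The file path /etc/csf/csf.conf and the settings SMTP_PORTS, SMTP_ALLOWUSER and SMTP_ALLOWGROUP come from CSF's stock configuration rather than from this article, the function names are hypothetical, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: read SMTP-related settings from a csf.conf-style file.
# CSF stores settings as KEY = "value"; lines starting with # are comments.

# csf_get KEY FILE -> prints the value of the last uncommented KEY line.
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# smtp_block_state FILE -> prints on, off or unset for SMTP_BLOCK.
smtp_block_state() {
    case "$(csf_get SMTP_BLOCK "$1")" in
        1) echo on ;;
        0) echo off ;;
        *) echo unset ;;
    esac
}

# smtp_report FILE -> one-line summary for a change ticket or a cron check.
# SMTP_ALLOWUSER / SMTP_ALLOWGROUP list users and groups that bypass
# SMTP_BLOCK when it is on; they are shown so the whole policy is visible.
smtp_report() {
    printf 'SMTP_BLOCK=%s ports=%s allowuser=%s allowgroup=%s\n' \
        "$(smtp_block_state "$1")" \
        "$(csf_get SMTP_PORTS "$1")" \
        "$(csf_get SMTP_ALLOWUSER "$1")" \
        "$(csf_get SMTP_ALLOWGROUP "$1")"
}

# Constructed sample, not taken from a real server. The commented-out
# line must be ignored; only the active SMTP_BLOCK line counts.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SMTP Settings
#SMTP_BLOCK = "1"
SMTP_BLOCK = "0"
SMTP_PORTS = "25,465,587"
SMTP_ALLOWUSER = ""
SMTP_ALLOWGROUP = "mail,mailman"
EOF

smtp_report "$sample"
rm -f "$sample"
```

On a CSF server, run `smtp_report /etc/csf/csf.conf` after clicking Restart csf+lfd to confirm that the saved value is the one you intended.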

Conclusion

One of the steps to solve email sending problems, especially with applications such as WordPress, is to disable the outbound SMTP block of the CSF Firewall. With this quick configuration change in WHM and a restart of the service, administrators can make sure that the firewall no longer blocks legitimate outgoing email traffic on the server.

Frequently Asked Questions

What type of users are most commonly affected by this issue of blocking legitimate email sending functions?

This email sending problem is most prevalent with WordPress users and other clients who have a web application based on the mail functionality of PHP.

What specific setting must be disabled in CSF?

The field that you need to turn off is the SMTP_BLOCK field, which determines the firewall policies on outgoing mail transfers.

What is the purpose of clicking the ‘Restart csf+lfd’ button?

This button will cause the CSF application to reload its configuration files and apply the newly saved changes to the active firewall rules immediately.

Where can I find the CSF application in WHM?

To access the CSF application, log in to WHM and open the Plugins section. Then, click on the ‘ConfigServer Security and Firewall’ link.

Does turning off SMTP_BLOCK completely remove all email security?

No. Although it stops the specific outbound port blocking, all the other security features of the firewall, such as the login failure daemon (lfd) and other general packet filtering rules, remain active and provide general server protection.

April 29, 2026