csf dovecot and IP blocking

Posted on

csf dovecot and IP blocking – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, firewall, iptables, csf, .

I’m using csf and noticed a lot of brute force password attempts into a particular pop3 account. csf does not appear to be blocking the IP addresses as it does with other processes. Is there a switch or config option that someone can point me to that instructs csf to block all failed dovecot login attempts?

Solution :

Have a look at the “SECTION:Login Failure Blocking and Alerts” and set the whished settings.

More specific, LF_POP3D and LF_IMAPD for the amount of attempts before its blocking the IP address.

Furthermore you need to check if the log paths are set correctly.

Go way back down into the config, and see that these settings are correct:

POP3D_LOG =
IMAPD_LOG = 

For me both are /var/log/mail.log, but check your system.

In the file csf/regex.pm you can see which attempts are being filtered.

Leave a Reply

Your email address will not be published. Required fields are marked *