User locked out of port 110
Using CSF, I have a number of tcp ports which are only accessible to the UK.
Port 110 being one of them.
I've a remote user who occasionally cannot gain access to email, CSF is blocking her IP, even though she's based in the UK.
This happened again last night.
Adding her IP to CSF allow list and she can now collect her emails.
So last night, I googled her IP, and can clearly see that it would appear to be a UK IP. I found that it was allocated to her ISP, and even found references to the town she lives in.
I understand the IP database will contain errors, but this keeps happening with this user.
Can anyone suggest how I interrogate the server as to where it thinks the IP might be located?
Well, I'm confused, because according to the Geolite2 ASN, it's registered to British Telecom. Has a country code of 2635167 which is GB, so maybe something else is causing this.
How are you ascertaining that CSF is blocking the customer's IP based on geography and not on the basis of authentication errors?
Hi @keat63. More to the question that was being asked by @Anupam SG - Are you using geographical (CC code) blocking? There has been some evidence that Google, among others, proxies IPs through other countries, causing geographical blocking when it seems it shouldn't be occurring.
If I clear out the blocklist from CSF, her email will work again for a while, maybe days, maybe weeks, maybe months. I know it's not authentication related, as the user doesn't even know her email password; this is configured in her email client, and she's no requirement to input this manually at any point. I am using CC code blocking. Originally, I thought this was caused by MS Mail maybe using some form of proxy, but we've since installed MS Outlook 2007. I'm not sure that the user would know what a proxy is, let alone use one. Strangely, out of about 30 users, it's only this one which has the problem.
CSF is blocking her IP
What does CSF say the IP got blocked for, exactly?
If I clear out the blocklist from CSF, her email will work again for a while, maybe days, maybe weeks, maybe months. I know it's not authentication related, as the user doesn't even know her email password; this is configured in her email client, and she's no requirement to input this manually at any point. I am using CC code blocking. Originally, I thought this was caused by MS Mail maybe using some form of proxy, but we've since installed MS Outlook 2007. I'm not sure that the user would know what a proxy is, let alone use one. Strangely, out of about 30 users, it's only this one which has the problem.
My assumption would be the user's provider as the culprit, to be honest.
I was rather busy on the last occasion, so I just cleared out CSF then added her current IP to the CSF allow list. This worked for a few days, then I got a message to say it had stopped working again. She's currently out of the office, so I'm unable to diagnose any further until she returns. As she's non-techy, she wouldn't have tried to change her password in Outlook, she wouldn't know where to do this, and she's no requirement to use this manually as she doesn't use web mail, so it can only really be down to her ISP, especially considering that it will work for days or weeks without a problem. The next step is to maybe whitelist a class of IPs.
I wouldn't. What does the entry in the CSF log to the right of the listed IP address say exactly?
I was rather busy on the last occasion, so I just cleared out CSF then added her current IP to the CSF allow list. This worked for a few days, then I got a message to say it had stopped working again. She's currently out of the office, so I'm unable to diagnose any further until she returns. As she's non-techy, she wouldn't have tried to change her password in Outlook, she wouldn't know where to do this, and she's no requirement to use this manually as she doesn't use web mail, so it can only really be down to her ISP, especially considering that it will work for days or weeks without a problem. The next step is to maybe whitelist a class of IPs.
It is clear that something is causing her IP to be blocked by CSF. CSF doesn't do this on its own, so there is clearly something going on at the user's end. Do you have the alert email configured, so you receive a notification when CSF blocks anything? That email states the reason for the block, which is usually authentication or brute forcing some other service like SSH, FTP, IMAP, SMTP. (But I guess you know this already.) Being a non-techy person, she may be unsuccessfully trying to configure some other mail program? Or worse, there may well be something malicious on her device trying to gain access through email credentials? Assume the worst in such cases. I mean her being a non-techy person is all the more reason for the firewall blocks to happen, and not less. As @Infopro mentioned, adding it to whitelist now would mean you would never get to the bottom of it.
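
The check several replies ask for (what CSF recorded as the reason for the block), as an added example that is not part of the thread. It assumes the `csf.deny` comment and `lfd.log` line layouts shown in the sample data; the sample lines, host name and addresses are constructed, and `block_reason` is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Classify why an IP is blocked, from csf.deny and lfd.log text.
# On a live server the inputs would be /etc/csf/csf.deny and /var/log/lfd.log,
# and `csf -g <ip>` shows which iptables rules (including CC rules) match.

# Constructed sample data (documentation addresses, assumed line layout).
SAMPLE_DENY='# constructed csf.deny sample
198.51.100.7 # Manually denied: 198.51.100.7 - Mon Jan  6 09:00:00 2020
203.0.113.45 # lfd: (pop3d) Failed POP3 login from 203.0.113.45 (GB/United Kingdom/-): 10 in the last 3600 secs - Tue Jan  7 21:14:02 2020'

SAMPLE_LOG='Jan  7 21:14:02 host lfd[2211]: (pop3d) Failed POP3 login from 203.0.113.45 (GB/United Kingdom/-): 10 in the last 3600 secs - *Blocked in csf* [LF_POP3D]'

# block_reason IP DENY_TEXT LOG_TEXT -> prints one classification line
block_reason() {
  local ip=$1 deny=$2 log=$3 entry svc trig
  # In csf.deny the address is the first field; an exact compare avoids
  # 203.0.113.4 matching 203.0.113.45.
  entry=$(printf '%s\n' "$deny" | awk -v ip="$ip" '$1 == ip { print; exit }')
  if [ -z "$entry" ]; then
    # No deny entry: lfd did not block it, so look at the CC rules instead.
    echo "not-in-deny"
    return 0
  fi
  case $entry in
    *"# lfd: ("*)
      # lfd added the entry: pull the service name and the csf.conf trigger.
      svc=$(printf '%s\n' "$entry" | sed -n 's/.*# lfd: (\([^)]*\)).*/\1/p')
      trig=$(printf '%s\n' "$log" | grep -F -- " from $ip (" | tail -n1 |
             sed -n 's/.*\[\(LF_[A-Z0-9_]*\)\]$/\1/p')
      echo "lfd service=$svc trigger=${trig:-unknown}" ;;
    *)
      echo "manual-or-other" ;;
  esac
}

block_reason 203.0.113.45 "$SAMPLE_DENY" "$SAMPLE_LOG"
```

An `lfd` result means the block came from login-failure tracking rather than from country-code filtering, which is the distinction the replies above are trying to establish.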