CSF SMTP AUTH Blocking Issue

RayJ

• July 26, 2021 23:47

I have many clients getting their IP blocked from failed logins to SMTP. Oddly, it only effects Outlook/Office365. Full disclosure this is due to the client having bad credentials set in their Outlook client. The firewall is correctly blocking these. My question is: why does the IP get blocked if the same login credentials are used over and over? I understand if someone was brute forcing with different credentials. Is there any way to just ignore multiple failed logins that use the same IP/user/pass? I have way to many clients to successfully white list all potential IP addresses. -- PS: forgot to mention, i realize that CSF/LFD is not a WHM/CPanel system, but from a third party. I am also asking about this on

• 

  quietFinn

  • July 27, 2021 05:00

  My question is: why does the IP get blocked if the same login credentials are used over and over?

  
  Because CSF does not see the used login credientials, it only sees that they are wrong.

  0
• 

  RayJ

  • July 27, 2021 07:17

  Got it. Right. That makes sense. Thanks!

  0
• 

  cPRex Jurassic Moderator

  • July 27, 2021 13:04

  Thanks @quietFinn !

  0
• 

  sahostking

  • August 11, 2021 07:49

  Try reading up relayhosts option in CSF. It helps alot.

  0

Please sign in to leave a comment.