Skip to main content

CSF to block dovecot login failures?

Comments

3 comments

  • 24x7server
    Hello, Have you enable " Login Failure Detection " in your CSF firewall setting ? I will suggest you to enable it and configure it as per your setting
    0
  • cPanelMichael
    Hello :) You can have CSF/LFD detect and block the brute force attempt automatically. Or, if you prefer to manually block the IP address, you should be able to find the IP address in /var/log/maillog directly before/after the entries you posted. Thank you.
    0
  • quizknows
    LFD should be parsing dovecot failures already. If you are experienced with regex (regular expressions) you can use a custom file (regex.custom.pm) with CSF to create your own ways to block based on log entries. This requires setting the custom log paths in csf.conf in addition to the needed regex knowledge.
    0

Please sign in to leave a comment.