Dovecot multiple auth login failures from same IP
Hi,
In my VPS with WHM version 66.0.23 installed, I see several hundreds of dovecot auth login failures from the same IP (not ours). This is requesting dovecot auth in every 2-3 seconds in /var/log/maillog. Is there a way that I could stop with WHM bult-in Brute Force protection?
27162 rip=37.49.227.236
With several requests from the same IP, it will exceed Maximum Number of Authentication Processes in Dovecot, resulting in prompting passwords for our users in Outlook.
Note: my provider says that our IP is getting blocked. I believe this is the case. It is something related to Maximum Number of Authentication Processes.
Could anyone shed some lights? Your help is greatly appreciated!
-
Hello, You'd need to configure cPHulk to use the Block IP addresses at the firewall level if they trigger brute force protection option that's referenced on the following document: cPHulk Brute Force Protection - Version 68 Documentation - cPanel Documentation Note that generally you'd want to use a firewall management utility such as CSF to help prevent these types of attacks: ConfigServer Security & Firewall (csf) Thank you. 0
Please sign in to leave a comment.
Comments
1 comment