LFD POP3 & SMTP attack aren't blocked.

With the default csf config the
LF_POP3D = "0"
LF_POP3D_PERM = "0"

So it doesn't block attacks.
Enabling the LF_POP3D = "1" doesn't change anything.
The attack still continue without a ban.

Already found a fault in the csf.conf

The log location is wrong:
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"

should be
/var/log/dovecot-info.log

The log contains auth failures for pop3 and imap.
But the bans still don't work

you should use the correct configuration from the wiki
http://wiki.centos-webpanel.com/csflfd-firewall-configuration

Yeah that fixes things.
But why is the default config not correct. It isn't the basic csf config because the regex.custom has some CWP login checks.

you should use the correct configuration from the wiki
http://wiki.centos-webpanel.com/csflfd-firewall-configuration

But, in this rule if activated, blocked server http and mail traffic, ssh work ok.

Custom regex for mod security, file /etc/csf/regex.custom.pm :

#mod_security
if (($config{LF_MODSEC}) and ($globlogs{MODSEC_LOG}{$lgfile}) and ($line =~ /^\[\S+ \S+ \S+ \S+ \S+\] \[(\w*)?:error\] (\[pid \d+(:tid \d+)\]) \[client \S+:\S+\] \[client (\S+)\] ModSecurity:(( \[[^\]]+\])*)? Access denied/)) {
        my $ip = $4;
        $ip =~ s/^::ffff://;
        if (split(/:/,$ip) == 2) {$ip =~ s/:\d+$//}
        my $ruleid = "unknown";
        if ($line =~ /\[id "(\d+)"\]/) {$ruleid = $1}
        if (checkip(\$ip)) {return ("mod_security (id:$ruleid) triggered by","$ip","mod_security-custom","4","80,443","1")} else {return}
}