the default install of csf seems to lack the regex.pm file and thus does not filter imap, pop 3 and such.
I posted this on the configserver forum already
But that means that we are not secure by default
i also notices that the regex used by cwp in regex.custom.pm to block failed login to cwp is not correct anymore.
On an updated system the regex does not catch the failed logins for as far as i can see
(maybe my problem ))