Author Topic: LFD POP3 & SMTP attack aren't blocked.  (Read 119 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
LFD POP3 & SMTP attack aren't blocked.
« on: July 03, 2018, 09:27:44 AM »
With the default csf config the
LF_POP3D = "0"
LF_POP3D_PERM = "0"

So it doesn't block attacks.
Enabling the LF_POP3D = "1" doesn't change anything.
The attack still continue without a ban.

Offline
*
Re: LFD POP3 & SMTP attack aren't blocked.
« Reply #1 on: July 03, 2018, 09:48:49 AM »
Already found a fault in the csf.conf

The log location is wrong:
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"

should be
/var/log/dovecot-info.log

The log contains auth failures for pop3 and imap.
But the bans still don't work
« Last Edit: July 03, 2018, 09:55:36 AM by belrpr »

Offline
*
Re: LFD POP3 & SMTP attack aren't blocked.
« Reply #2 on: July 03, 2018, 11:45:58 AM »
you should use the correct configuration from the wiki
http://wiki.centos-webpanel.com/csflfd-firewall-configuration
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: LFD POP3 & SMTP attack aren't blocked.
« Reply #3 on: July 03, 2018, 12:04:21 PM »
Yeah that fixes things.
But why is the default config not correct. It isn't the basic csf config because the regex.custom has some CWP login checks.