ConfigServer Community Forum

I would like to know this too. Can't use m option at the moment because of too many false positives.

I ended up enabling FASTSTART in csf.conf I lowered DENY_IP_LIMIT to 2000. csf restarts in about 8 seconds. So, I set up a cron job to restart lfd & csf every 10 minutes. My firewall is down for about 8 seconds every 10 minutes while it is restarting which increases risk. I edited /usr/sbin/anti...

Got excited and tried it out early. It partially worked. Stopped the smtpauth attack & e-mails and I was still able to send e-mail. Problem is csf & lfd must be restarted every time /etc/relayhosts changes in order to put them in /etc/exim.smtpauth So if someone authenticates using POP/IMAP ...

Ok. I'm thinking I could...

1) Enable SMTPAUTH_RESTRICT in csf

2) Make exim config changes as outlined in /etc/csf/readme.txt

3) Symlink /etc/csf/csf.smtpauth to /etc/relayhosts

I'm going to wait a day before I try this to see if anyone has any warnings/suggestions before I give it a try.

Long ago my dial up ISP told me to insure I check POP before trying to send mail. Most e-mail applications do this in that order. How about monitoring successful POP3/IMAP logins and immediately adding the IP to say /etc/csf/csf.smtpauthallow say for X hours/days/configurable. Then only advertising ...