ConfigServer Community Forum

I created a custom rule containing the regex copied as-is from RegexMain.pm and this successfully blocks offending IPs.

As far as we can see, all other types of blocking are working correctly.

Since the upgrade to 14.19, repeated failed imapd logins in maillog are no longer getting blocked. For example, the following (obfuscated) maillog entries did not result in a block, which they would have in earlier versions: Jul 30 23:09:04 vps dovecot: imap-login: Disconnected: Aborted login by log...

Hi Repeated maillog entries of the following form were not detected when they should have been (obfuscated): Jun 6 13:28:17 vps dovecot: pop3-login: Disconnected: Connection closed: read(size=984) failed: Connection reset by peer (auth failed, 1 attempts in 2 secs): user=<someone@example.com>, metho...

Hi Thanks for the update. However all login failures are still not being caught. I think there are two problems in the new regex: 1. It does not capture login failures with "Disconnected: Connection closed (auth failed...". (These would previously have just been "Disconnected: (auth f...

Since upgrading to cPanel/WHM version 100, some (all?) dovecot login failures are no longer being caught by lfd. It appears that the log entries have changed eg <date> vps dovecot: imap-login: Aborted login (auth failed, 2 attempts in 17 secs): has become: <date> vps dovecot: imap-login: Disconnecte...

The last set of files available for download without a licence are available at archive.org. Don't know how easy it would be to use these in csf.

https://forum.matomo.org/t/maxmind-is-c ... es/35439/3

This is probably rather obvious, but you have to restart csf/lfd for it to read csf.conf and find the valid key.

You need to update to 13.10 as described in the blog post.

Thanks for your quick response to this despite the timing!

I guess you are aware of this, or soon will be when you get back from your holidays, but an account is now required to use the free MaxMind GeoLite2 databases. https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/ You will see errors like the following in...