CSF V2.87 not blocking IP whith POP3-SSL

Marc · Post by **Marc** » 13 Aug 2007, 15:59

Hi,

CSF is configured to block IP after 5 attempts to POP3 with these values :
LF_POP3D = 5
LF_POP3D_PERM = 900

This works fine when using the POP standard port 110

When i switch to POP3-SSL using port 995, CSF doesn't detect POP failed login.

Here the content of maillog file :
Aug 13 16:45:36 looping pop3d-ssl: LOGIN FAILED, user=xxx-yyy@domain_name.info, ip=[::ffff:81.246.242.199]
Aug 13 16:45:41 looping pop3d-ssl: LOGOUT, ip=[::ffff:81.246.242.199]
Aug 13 16:45:57 looping pop3d-ssl: LOGIN FAILED, user=xxx-yyy@domain_name.info, ip=[::ffff:81.246.242.199]
Aug 13 16:46:02 looping pop3d-ssl: LOGOUT, ip=[::ffff:81.246.242.199]
Aug 13 16:46:18 looping pop3d-ssl: LOGIN FAILED, user=xxx-yyy@domain_name.info, ip=[::ffff:81.246.242.199]
Aug 13 16:46:23 looping pop3d-ssl: LOGOUT, ip=[::ffff:81.246.242.199]
Aug 13 16:46:32 looping pop3d-ssl: LOGIN FAILED, user=xxx-yyy@domain_name.info, ip=[::ffff:81.246.242.199]
Aug 13 16:46:37 looping pop3d-ssl: LOGOUT, ip=[::ffff:81.246.242.199]
Aug 13 16:46:45 looping pop3d-ssl: LOGIN FAILED, user=xxx-yyy@domain_name.info, ip=[::ffff:81.246.242.199]
Aug 13 16:46:50 looping pop3d-ssl: LOGOUT, ip=[::ffff:81.246.242.199]
Aug 13 16:46:56 looping pop3d-ssl: LOGIN FAILED, user=xxx-yyy@domain_name.info, ip=[::ffff:81.246.242.199]
Aug 13 16:47:01 looping pop3d-ssl: LOGOUT, ip=[::ffff:81.246.242.199]

Any ideas ?

Regards,

marc

Post by **chirpy** » 13 Aug 2007, 16:57

The regex's aren't checking for POP3 access over SSL (or IMAP over SSL for that matter).

I'll look at crafting some and will post and/or release in the next version.