Failed pop3 logins not blocked

Post by polux »

My VPS (CentOS6 with CWP) logs failed logins in /var/log/dovecot-info.log:
May 05 15:20:13 pop3-login: Info: Disconnected (auth failed, 1 attempts): user=<webmaster@domain.tld>, method=PLAIN, rip=IP, lip=IP
but they are not blocked by CSF.

I've added this custom regex but it still doesn't block them:

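Code:

# Return fields: message text, offending IP, rule identifier, trigger count,
# port(s) to block, 1 = permanent block
if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ /^\S+\s+\S+\s+\S+ pop3\-login.*auth failed.*rip\=(\S+)/)) {
	return ("Pop3 failed login",$1,"pop3failed","3","110","1");
}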
Any ideas?
Last edited by polux on 06 May 2017, 12:31, edited 1 time in total.

Re: Failed pop3 logins not blocked

Post by polux »

After restarting the server, the rule is working.
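
An offline check of the rule discussed in this thread, added here as an example (it is not the poster's code and not part of CSF): it runs the posted pattern, and a variant whose capture stops at the comma, over log lines in the format quoted in the first post and shows what each one matches and captures. Assumptions: CUSTOM3_LOG points at /var/log/dovecot-info.log, the third argument to custom_line exists only in this harness, and the sample lines and addresses are constructed.

```perl
#!/usr/bin/perl
# Added example: offline harness for a CSF-style custom_line rule.
use strict;
use warnings;

# Assumption: CUSTOM3_LOG is set to the dovecot info log named in the post.
my %config = (CUSTOM3_LOG => '/var/log/dovecot-info.log');

# Pattern as posted: (\S+) runs up to the next whitespace character.
my $re_posted  = qr/^\S+\s+\S+\s+\S+ pop3\-login.*auth failed.*rip\=(\S+)/;
# Variant (assumption of this example): capture ends before the comma.
my $re_variant = qr/^\S+\s+\S+\s+\S+ pop3\-login.*auth failed.*rip\=([^\s,]+)/;

# Same shape as the posted rule; $re is a harness-only extra argument so
# both patterns can be run through identical logic.
sub custom_line {
    my ($line, $lgfile, $re) = @_;
    if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ $re)) {
        return ("Pop3 failed login", $1, "pop3failed", "3", "110", "1");
    }
    return;    # empty list: no match
}

# Constructed sample lines; addresses come from documentation ranges.
my $failed = 'May 05 15:20:13 pop3-login: Info: Disconnected (auth failed, '
           . '1 attempts): user=<webmaster@domain.tld>, method=PLAIN, '
           . 'rip=203.0.113.7, lip=192.0.2.10';
my $login  = 'May 05 15:21:02 pop3-login: Info: Login: '
           . 'user=<webmaster@domain.tld>, method=PLAIN, '
           . 'rip=203.0.113.8, lip=192.0.2.10';

my @samples = (
    [ 'failed login, watched log', $config{CUSTOM3_LOG}, $failed ],
    [ 'good login, watched log',   $config{CUSTOM3_LOG}, $login  ],
    [ 'failed login, other log',   '/var/log/maillog',   $failed ],
);

for my $s (@samples) {
    my ($label, $lgfile, $line) = @$s;
    for my $rule ([ posted => $re_posted ], [ variant => $re_variant ]) {
        my ($name, $re) = @$rule;
        my @r = custom_line($line, $lgfile, $re);
        # Brackets make a trailing comma in the captured value visible.
        printf "%-26s %-8s %s\n", $label, $name,
            @r ? "match, ip=[$r[1]] trigger=$r[3] ports=$r[4]" : "no match";
    }
}
```

Running the pattern offline like this separates a regex that does not match the log line from a rule that the running daemon has not picked up yet.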