CSF or LFD do not detect failed logins via email and do not send report emails

[noobof]

CSF or LFD do not detect failed logins via email and do not send report emails.
Hi, I've been using csf for a while now and I've noticed from the journal logs that there are several failed login attempts via pop and imap. It seems that these, unlike ssh login attempts, are simply ignored.

Code: Select all

cat /etc/csf/csf.conf | grep mail.log
POP3D_LOG = “/var/log/mail.log”
IMAPD_LOG = ”/var/log/mail.log”

The server on which I have now installed it is a Debian 12, before I used CentOS 7. I have practically duplicated the configuration I had before, even if csf has taken over many things automatically.
So my problem is that CSF or LFD do not detect failed logins via email and do not send the report emails.
I have also created a

Code: Select all

CUSTOM2_LOG = “/var/log/journal-custom.log”

Which contains the output of

Code: Select all

/usr/bin/journalctl --since “1 month ago” -g “auth” |grep -i failure > /var/log/journal-custom.log

In which all failed login attempts are clearly indicated for greater security, including those on pop and imap, but without having any positive feedback.
I'm sure I'm missing something and so I was wondering if some kind soul had the time to give me some advice on the matter.