Re: CSF Blocking External Email
Posted: 14 May 2023, 06:33
Be very careful regarding this.catalinaview2 wrote: ↑11 May 2023, 16:28 With CSF enabled, I see this line in the lfd.log periodically:
May 11 08:24:35 178 lfd[31843]: (sshd) Failed SSH login from 162.251.160.214 (US/United States/phoenix10.monitorengine.com): 5 in the last 3600secs - *Blocked in csf* [LF_SSHD]
This IP shows that it is from google but can't be sure if it is gmail or something else. The message refers to SSH but I am not clear if this is related to a email delivery.
Any ideas?
SSHD has nothing to do with email, SSHD is the access root to your server.
So, that LOG line is telling you that someone from that IP (that is not from GOOGLE) has tried 5 times to access SSH on your server.
I really advise you to block forever any IP trying to access your server's SSH unless it is from you or someone that you grant access to it.
Checking about the IP 162.251.160.214 that your LOG shows, I found:
Where did you got that this IP was from GOOGLE?ISP iCastCenter
Usage Type Data Center/Web Hosting/Transit
Hostname(s) phoenix10.monitorengine.com
Domain Name icastcenter.com
Country United States of America
City Phoenix, Arizona