
Re: CSF Blocking External Email

Posted: 14 May 2023, 06:33
by Sergio
catalinaview2 wrote: 11 May 2023, 16:28
With CSF enabled, I see this line in the lfd.log periodically:
May 11 08:24:35 178 lfd[31843]: (sshd) Failed SSH login from 162.251.160.214 (US/United States/phoenix10.monitorengine.com): 5 in the last 3600secs - *Blocked in csf* [LF_SSHD]

This IP shows that it is from google but can't be sure if it is gmail or something else. The message refers to SSH but I am not clear if this is related to an email delivery.

Any ideas?

Be very careful regarding this.

SSHD has nothing to do with email, SSHD is the access root to your server.
So, that LOG line is telling you that someone from that IP (that is not from GOOGLE) has tried 5 times to access SSH on your server.
I really advise you to block forever any IP trying to access your server's SSH unless it is from you or someone that you grant access to it.

Checking about the IP 162.251.160.214 that your LOG shows, I found:
ISP: iCastCenter
Usage Type: Data Center/Web Hosting/Transit
Hostname(s): phoenix10.monitorengine.com
Domain Name: icastcenter.com
Country: United States of America
City: Phoenix, Arizona

Where did you get that this IP was from GOOGLE?
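
An added example, not part of any post in this thread: a small parser for lfd.log block lines of the shape quoted above, which pulls out the service, source IP, reverse-DNS name and the trigger in square brackets, so SSH blocks can be told apart from mail-related ones. The first sample line is the one from the thread; the other two, including the smtpauth line and its LF_SMTPAUTH tag, are constructed on the same pattern, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Shape of the lfd.log "Blocked in csf" line quoted in this thread.
BLOCK_RE = re.compile(
    r"lfd\[\d+\]: \((?P<service>[^)]+)\) (?P<reason>.+?) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \((?P<geo>[^)]*)\): "
    r"(?P<count>\d+) in the last (?P<window>\d+) ?secs - "
    r"\*Blocked in csf\* \[(?P<trigger>\w+)\]"
)

def parse_block(line):
    """Return the fields of one block line, or None if the line is not a block."""
    m = BLOCK_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    rec["window"] = int(rec["window"])
    # geo is "CC/Country/reverse-DNS"; keep the last field as the PTR name.
    rec["rdns"] = rec.pop("geo").rsplit("/", 1)[-1]
    return rec

def blocks_by_trigger(lines):
    """Group blocked IPs by the trigger tag that fired (e.g. LF_SSHD)."""
    grouped = defaultdict(list)
    for line in lines:
        rec = parse_block(line)
        if rec:
            grouped[rec["trigger"]].append((rec["ip"], rec["service"], rec["rdns"]))
    return dict(grouped)

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE = [
    "May 11 08:24:35 178 lfd[31843]: (sshd) Failed SSH login from 162.251.160.214 "
    "(US/United States/phoenix10.monitorengine.com): 5 in the last 3600secs - "
    "*Blocked in csf* [LF_SSHD]",
    "May 11 09:02:10 178 lfd[31843]: (smtpauth) Failed SMTP AUTH login from "
    "203.0.113.7 (ZZ/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SMTPAUTH]",
    "May 11 09:05:00 178 lfd[31843]: some other lfd message (constructed)",
]

if __name__ == "__main__":
    for trigger, hits in blocks_by_trigger(SAMPLE).items():
        print(trigger, hits)
```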

Re: CSF Blocking External Email

Posted: 15 May 2023, 15:37
by catalinaview2
Also, adding /etc/csf/gmail.ignore as suggested above did not permit gmail emails to be delivered.

Re: CSF Blocking External Email

Posted: 15 May 2023, 17:48
by catalinaview2
Forget about 162.251.x.x, it's from a monitoring agent, misread it as google.

What CSF log file will show if it rejects an external email delivery? Any way to turn on verbose logging?