Failed pop3 logins not blocked
Posted: 05 May 2017, 15:03
My VPS (CentOS6 with CWP) logs failed logins in /var/log/dovecot-info.log:
I've added this custom regex but still doesn't block them:
Any ideas?
but they are not blocked by CSF.May 05 15:20:13 pop3-login: Info: Disconnected (auth failed, 1 attempts): user=<webmaster@domain.tld>, method=PLAIN, rip=IP, lip=IP
I've added this custom regex but still doesn't block them:
Code: Select all
if (($lgfile eq $config{CUSTOM3_LOG}) and ($line =~ /^\S+\s+\S+\s+\S+ pop3\-login.*auth failed.*rip\=(\S+)/)) {
return ("Pop3 failed login",$1,"pop3failed","3","110","1");
}