Blocked IP still comes back
Posted: 17 May 2018, 10:32
I see in my logs a small number of failed logins from an IP, which is blocked in CSF at 00:04am
xxxx.xxx.xxx.xxx # lfd: (smtpauth) Failed SMTP AUTH login from xxx.xxx.xxx.xx. (AU/Australia/New South Wales/Sydney/xxx.xxx.xxx.xx.static.exetel.com.au): 1 in the last 3600 secs - Mon May 14 00:04:44 2018
If I look in my exim reject log, I can see that the logins continued after this time.
How could this happen ??
2018-05-14 00:04:46 dovecot_login authenticator failed for xxx.xxx.xxx.xx.static.exetel.com.au (NHCDC1) [xxx.xxx.xxx.xx.]:54567: 535 Incorrect authentication data
2018-05-14 00:07:29 dovecot_login authenticator failed for xxx.xxx.xxx.xx..static.exetel.com.au (NHCDC1) [xxx.xxx.xxx.xx.]:55419: 535 Incorrect authentication data
xxxx.xxx.xxx.xxx # lfd: (smtpauth) Failed SMTP AUTH login from xxx.xxx.xxx.xx. (AU/Australia/New South Wales/Sydney/xxx.xxx.xxx.xx.static.exetel.com.au): 1 in the last 3600 secs - Mon May 14 00:04:44 2018
If I look in my exim reject log, I can see that the logins continued after this time.
How could this happen ??
2018-05-14 00:04:46 dovecot_login authenticator failed for xxx.xxx.xxx.xx.static.exetel.com.au (NHCDC1) [xxx.xxx.xxx.xx.]:54567: 535 Incorrect authentication data
2018-05-14 00:07:29 dovecot_login authenticator failed for xxx.xxx.xxx.xx..static.exetel.com.au (NHCDC1) [xxx.xxx.xxx.xx.]:55419: 535 Incorrect authentication data