LF_EXIMSYNTAX and LF_IMAPD ignoring blocks

Posted: 13 Jun 2016, 20:01
by Sergio
In the server I have set:
RESTRICT_SYSLOG = 3
LF_TRIGGER = 0
LF_TRIGGER_PERM = 1
LF_SELECT = OFF

LF_EXIMSYNTAX = 10
LF_EXIMSYNTAX_PERM = 3600

LF_IMAPD = 10
LF_IMAPD_PERM = 1

But even with that set, /var/log/messages shows the following (please note that I don't have those IPs whitelisted):

EXIM SYNTAX, ignored:
Jun 13 12:23:07 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:25:18 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:26:19 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:27:20 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:27:20 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:29:01 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:31:38 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:32:38 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:33:39 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:33:39 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:34:49 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:37:06 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:38:12 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
Jun 13 12:39:12 serverX lfd[393306]: Exim syntax errors from 123.123.123.123 - ignored
* SPOOFED IP

IMAPD, ignored:
Jun 13 12:11:23 server2 lfd[811449]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:11:28 server2 lfd[811449]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:11:28 server2 lfd[811449]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:12:33 server2 lfd[811449]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:12:43 server2 lfd[811449]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:17:32 server2 lfd[811449]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:17:47 server2 lfd[811449]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:22:37 server2 lfd[393306]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:22:52 server2 lfd[393306]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:33:39 server2 lfd[393306]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:33:49 server2 lfd[393306]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:34:49 server2 lfd[393306]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:35:00 server2 lfd[393306]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:51:19 server2 lfd[393306]: Failed IMAP login from 123.123.123.123 - ignored
Jun 13 12:51:30 server2 lfd[393306]: Failed IMAP login from 123.123.123.123 - ignored
* SPOOFED IPs

This has been working before.

Regards,
Sergio

Re: LF_EXIMSYNTAX and LF_IMAPD ignoring blocks

Posted: 13 Jun 2016, 21:13
by ForumAdmin
That is only going to happen if the IP address appears in either:

1. a local ignore
2. a global ignore
3. CC_IGNORE
4. csf.rignore as a domain
5. the IP is a local IP

either explicitly or as part of a CIDR.
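
The "explicitly or as part of a CIDR" check is easy to miss with a plain text search, because an IP covered by a range never appears literally in the list. The following is an added example, not part of the original thread and not CSF's own code: it reports which entry of an ignore list covers a given IP and whether the IP is one of the server's own addresses. The one-entry-per-line format with `#` comments, the sample entries, and the function names are assumptions; it does not evaluate CC_IGNORE or domain entries in csf.rignore.

```python
import ipaddress
import sys

# Constructed sample in an assumed one-entry-per-line format ('#' starts a comment).
SAMPLE_IGNORE = """\
# constructed entries, documentation address ranges only
192.0.2.10
198.51.100.0/24   # a whole range
2001:db8::/32
example.invalid
"""

def parse_entries(text):
    """Yield (line_no, network) for every line that is an IP or a CIDR."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not entry:
            continue
        try:
            # strict=False accepts entries such as 198.51.100.5/24
            yield line_no, ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP/CIDR (a hostname or directive): out of scope here

def find_matches(ip, text):
    """Return [(line_no, network, kind)]; kind is 'explicit' or 'cidr'."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for line_no, net in parse_entries(text):
        if addr.version == net.version and addr in net:
            kind = "explicit" if net.num_addresses == 1 else "cidr"
            hits.append((line_no, str(net), kind))
    return hits

def is_local_ip(ip, local_ips):
    """True if ip equals one of the server's own addresses (supplied by the caller)."""
    addr = ipaddress.ip_address(ip)
    return any(addr == ipaddress.ip_address(a) for a in local_ips)

if __name__ == "__main__":
    # Usage: python3 check_ignore.py <ip> <list-file> [<list-file> ...]
    ip = sys.argv[1] if len(sys.argv) > 1 else "198.51.100.77"
    sources = {p: open(p).read() for p in sys.argv[2:]} or {"SAMPLE_IGNORE": SAMPLE_IGNORE}
    for name, text in sources.items():
        for line_no, net, kind in find_matches(ip, text):
            print(f"{name}:{line_no}: {ip} is covered by {net} ({kind})")
```
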

Re: LF_EXIMSYNTAX and LF_IMAPD ignoring blocks

Posted: 13 Jun 2016, 23:56
by Sergio
ForumAdmin wrote: That is only going to happen if the IP address appears in either:
1. a local ignore:
No it is not in a local ignore.

2. a global ignore:
No it is not in a global ignore.

3. CC_IGNORE:
Is empty.

4. csf.rignore as a domain:
Only google.com is on csf.rignore.

5. the IP is a local IP:
No, it is not a local IP.

6. either explicitly or as part of a CIDR:
On the server the only CIDRs allowed are Gmail IPs, and the offending IPs are not from Gmail.

Here is what CSF shows when searching for the IP:

Searching for 123.123.123.123...
Chain num pkts bytes target prot opt in out source destination
No matches found for 123.123.123.123 in iptables

IPSET: Set:cc_xx Match:123.123.123.123 Setting:CC_ALLOW_PORTS Country: XX

ip6tables:
Chain num pkts bytes target prot opt in out source destination
No matches found for 123.123.123.123 in ip6tables

...Done.

Under CC_ALLOW_PORTS_TCP/UDP only ports 20 and 21 are set, and neither of them is for Exim or IMAP.

Is there something else that I should check?