Knowledgebase

Portal Home > Knowledgebase > Articles Database > csf frequent IMAP/POP3 blocks


csf frequent IMAP/POP3 blocks




Posted by ahamedadmin, 09-02-2015, 01:16 PM
Hello, I am a new member here. On our shared server customers are getting blocked too frequently for failed imap and pop3 login, is there any way to prevent this block rather than asking them to correct password and fix email client ? Basically we don't want to block our customer even if they use wrong password but want to protect email account from hack Do you guys have same issues ? Do you have LF_IMAPD and LF_POP3D enabled on shared server firewall ? Last edited by ahamedadmin; 09-02-2015 at 01:21 PM.
Posted by lynxkript, 09-02-2015, 05:01 PM
You can increase the number of failed login attempts before the IP getting blocked by the firewall. Also it is better to convince the customer that the firewall block exist for the security of their accounts.
Posted by brianoz, 09-03-2015, 03:40 AM
Look into the RELAYHOSTS setting, which will prevent blocking of IPs that are logging into POP or IMAP successfully. You need the following in /etc/csf/csf.conf: RELAYHOSTS = "1"
Posted by bear, 09-03-2015, 07:55 AM
Isn't the point that they're not logging in successfully? I would think that the client would end up frustrated if they can never log in, thinking your service is bad somehow. Being blocked shows you care about security and offers a chance to get them fixed up properly when they contact you about it.
Posted by Srv24x7, 09-03-2015, 09:44 AM
Hi, Most of the email hacking attempts are through brute force and if repeated attempts are allowed, chances of email being hacked is as high as it can be. I would suggest you just increase the count, for example default is set to 10 attempts, raise it to 20 or 30.
Posted by brianoz, 09-03-2015, 09:31 PM
Sorry, had missed that. However, if they've got other people (or even other email accounts) logging in successfully from the same IP (common in shared office situations) the RELAYHOSTS technique will reduce the number of blocks a lot and is still going to be generally helpful. The other trick might be to whitelist their IP, if you can ask them when you first contact them. If you then enable IGNORE_ALLOW they won't get blocked. The other thing that helps is to make the block for wrong passwords temporary; so at least a block will self-remove after a while. We use an hour or so but others may have varying opinions? eg LF_POP3D_PERM = "4000" eg LF_IMAPD_PERM = "4000"


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Someone please inform me!!!! (Views: 488)
No more cronjobs (Views: 483)
24hostingnow (Views: 497)
how can i encode javascript ?? (Views: 493)
Help me test my server. (Views: 516)

Language: