Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

csf LT_POP3D greater than 180

Discussion in 'General Discussion' started by jimboh, Dec 5, 2012.

  1. jimboh

    jimboh Registered

    Joined:
    Dec 5, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Not sure if I should be posting this here but ... I have an ecommerce website where the stores receive orders by email and use thunderbird pop set at retrieve messages every minute. I have just moved to a new server and all stores just got blocked for exceeding the limit (LT_POP3D set at 180). I dont know why they exceeded it and the fact that 8 different ips all got blocked within a couple of minutes of each other suggest maybe something else is wrong (besides the fact that being set at retrieve 1 a min should only result in 60 per hour).

    Can anyone give advice as to how to monitor this and see what access is actually being made? I have disabled the check altogether but dont think thats a good idea. On the other hand, as a fast food franchise stores cannot be blocked for upto an hour.
     
  2. STS Admin

    STS Admin Well-Known Member

    Joined:
    Jul 8, 2012
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Check the /var/log/maillog file and grep the IP 's with "pop3" string.

    Code:
    grep -i pop3 /var/log/maillog | grep XX.XX.XX.XX
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. jimboh

    jimboh Registered

    Joined:
    Dec 5, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks that is just what I was looking for.
    The result was exactly what I expected, each store connecting exactly once every minute.
    I dont know how they managed to break the 180 connections per hour limit on that basis. I suppose I will have to re-enable the 180 limit and wait for it to be exceeded again so I have the log to look at (existing maillog only shows todays events). Thing is it went around 5 days before they all suddenly failed, and I have to react quickly to clear the blocks or there will be upset customers with late orders. I was wondering if there was a way to remove those email clients from the check (but as they are going to be dynamic IPS i guess thats not really workable). Is this a dangerous check to leave disabled?
     
Loading...
Similar Threads - LT_POP3D greater
  1. copernic2006
    Replies:
    3
    Views:
    754

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice