I have many clients getting their IP blocked from failed logins to SMTP. Oddly, it only effects Outlook/Office365.
Full disclosure this is due to the client having bad credentials set in their Outlook client.
The firewall is correctly blocking these.
My question is: why does the IP get blocked if the same login credentials are used over and over?
I understand if someone was brute forcing with different credentials.
Is there any way to just ignore multiple failed logins that use the same IP/user/pass?
I have way to many clients to successfully white list all potential IP addresses.
--
PS: forgot to mention, i realize that CSF/LFD is not a WHM/CPanel system, but from a third party. I am also asking about this on ConfigServer Community Forum - Index page
Full disclosure this is due to the client having bad credentials set in their Outlook client.
The firewall is correctly blocking these.
My question is: why does the IP get blocked if the same login credentials are used over and over?
I understand if someone was brute forcing with different credentials.
Is there any way to just ignore multiple failed logins that use the same IP/user/pass?
I have way to many clients to successfully white list all potential IP addresses.
--
PS: forgot to mention, i realize that CSF/LFD is not a WHM/CPanel system, but from a third party. I am also asking about this on ConfigServer Community Forum - Index page
Last edited by a moderator:
