CSF SMTP AUTH Blocking Issue

Operating System & Version
CENTOS 7.9 xen hvm
cPanel & WHM Version
v96.0.14

RayJ

Member
Mar 24, 2017
8
0
1
Las Vegas
cPanel Access Level
Root Administrator
I have many clients getting their IP blocked from failed logins to SMTP. Oddly, it only effects Outlook/Office365.

Full disclosure this is due to the client having bad credentials set in their Outlook client.

The firewall is correctly blocking these.

My question is: why does the IP get blocked if the same login credentials are used over and over?

I understand if someone was brute forcing with different credentials.

Is there any way to just ignore multiple failed logins that use the same IP/user/pass?

I have way to many clients to successfully white list all potential IP addresses.

--

PS: forgot to mention, i realize that CSF/LFD is not a WHM/CPanel system, but from a third party. I am also asking about this on ConfigServer Community Forum - Index page
 
Last edited by a moderator:

quietFinn

Well-Known Member
Feb 4, 2006
1,329
141
193
Finland
cPanel Access Level
Root Administrator
My question is: why does the IP get blocked if the same login credentials are used over and over?
Because CSF does not see the used login credientials, it only sees that they are wrong.