Disabling firewall IP blocking on POP3/SMTP/webmail login failures


Well-Known Member
Oct 20, 2009
cPanel Access Level
DataCenter Provider
Read the documentation in /etc/csf/csf.conf

There are different LF_ settings for different login types.

I have to advise you against disabling this completely due to a high risk for spam and brute force attacks. However if you want to allow extra login attempts for pop3 for example you could set this to a higher number:

LF_POP3D = "10"

Raising that to say 25 should allow customers more login attempts while still blocking bad bots. You can also set temporary blocks instead of permanent by setting the _PERM settings like this:


The setting "1" is a permanent block. Setting a higher number like "300" would be a 5 minute block of the IP (300 seconds = 5 minutes).

If you change these settings you must fully restart CSF and LDF (just running csf -r will not do this) either restart both services via WHM or run this from command line:

csf -x ; csf -e

ensure CSF/LFD enable properly after any changes.


Staff member
Apr 11, 2011
Hello :)

In addition to the previous response, you may also want to verify if cPHulk is enabled if you have not already done so. cPHulk can also lock out accounts after failed login attempts.

Thank you.