Disabling firewall IP blocking on POP3/SMTP/webmail login failures

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Read the documentation in /etc/csf/csf.conf

There are different LF_ settings for different login types.

I have to advise you against disabling this completely due to a high risk for spam and brute force attacks. However if you want to allow extra login attempts for pop3 for example you could set this to a higher number:

LF_POP3D = "10"

Raising that to say 25 should allow customers more login attempts while still blocking bad bots. You can also set temporary blocks instead of permanent by setting the _PERM settings like this:


LF_POP3D_PERM = "1"

The setting "1" is a permanent block. Setting a higher number like "300" would be a 5 minute block of the IP (300 seconds = 5 minutes).

If you change these settings you must fully restart CSF and LDF (just running csf -r will not do this) either restart both services via WHM or run this from command line:

csf -x ; csf -e

ensure CSF/LFD enable properly after any changes.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello :)

In addition to the previous response, you may also want to verify if cPHulk is enabled if you have not already done so. cPHulk can also lock out accounts after failed login attempts.

Thank you.