How to Check Firewall Logs for details

sammiller

Registered
Apr 12, 2013
cPanel Access Level
Website Owner
I am trying to figure out how to see what is happening for a user on my server. They keep getting blocked from failed POP3 connections and we can't figure out why. The log below is all I can find that indicates what is happening.

Apr 11 11:10:54 ns3 lfd[17895]: (pop3d) Failed POP3 login from (IP Hidden) (US/United States/(IP String)-static.hfc.comcastbusiness.net): 10 in the last 300 secs - *Blocked in csf* [LF_POP3D]
My question is: Are there any other places within WHM to find log details for IP bans? I would like to find out which email address is trying to connect or any other information that I can use to try to solve the issue. Thank you for your help in advance.
 

kdean

Well-Known Member
Oct 19, 2012
Orlando, FL
cPanel Access Level
Root Administrator
First, your firewall is blocking multiple failed login attempts as a security measure.

You should look at the original login failures by reviewing /var/log/maillog

Search for lines containing "auth failed".

The line should list the email address and the remote IP (rip).

You could also search for the IP to see all the mail activity.
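
The search described above, as an added example that is not part of the original thread: it counts "auth failed" lines per mailbox for one remote IP, matching the `rip=` value exactly so that a longer address with the same prefix is not counted. It assumes Dovecot-style maillog lines with `user=<...>` and `rip=` fields; the function names, sample log lines and addresses are constructed.

```shell
#!/bin/sh
# Added example: which mailboxes are failing authentication from one IP?
# Assumes Dovecot-style lines: "... (auth failed, ...): user=<addr>, ... rip=IP, ..."

# Count "auth failed" lines per user for an exact remote IP (rip).
# Usage: failed_logins_by_user /var/log/maillog 203.0.113.7
failed_logins_by_user() {
    awk -v ip="$2" '
        /auth failed/ {
            user = ""; rip = ""
            for (i = 1; i <= NF; i++) {
                f = $i
                sub(/,$/, "", f)                 # drop the trailing comma
                if (f ~ /^user=</) {
                    user = f
                    sub(/^user=</, "", user)     # strip "user=<"
                    sub(/>$/, "", user)          # strip closing ">"
                } else if (f ~ /^rip=/) {
                    rip = substr(f, 5)           # text after "rip="
                }
            }
            if (rip != ip) next                  # exact match, not a prefix
            if (user == "") user = "(no user given)"
            count[user]++
        }
        END { for (u in count) printf "%d %s\n", count[u], u }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation addresses, not real data).
write_sample_log() {
    cat > "$1" <<'EOF'
Apr 11 11:10:40 ns3 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<sales@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Apr 11 11:10:44 ns3 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<sales@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Apr 11 11:10:47 ns3 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<info@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Apr 11 11:10:50 ns3 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<info@example.com>, method=PLAIN, rip=203.0.113.70, lip=192.0.2.10
Apr 11 11:10:52 ns3 dovecot: pop3-login: Login: user=<sales@example.com>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
EOF
}

# Demo run against the constructed sample.
demo_log=$(mktemp)
write_sample_log "$demo_log"
failed_logins_by_user "$demo_log" 203.0.113.7
rm -f "$demo_log"
```

On a real server, pass the maillog path and the IP from the lfd block message as the two arguments.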