The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Protect an email account

Discussion in 'Security' started by keat63, May 27, 2016.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I have an email account that appears to under some sort of brute force.

    I have CSF configured quite strictly at 3 failed login attempts and the IP is blocked.

    I'd like to somehow restrict this email account to being able to login only from my static IP.
    or configure in CSF/CPHULK that even a single login failure for this particular account blocks the IP.
    This user is office based, and has no ability to access email outside of our static IP.

    He uses an email client which is preconfigured, my static IP is whileslisted, so the likelyhood of him legitimately getting blocked is probably nil.

    Is this possible ?
     
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I've since enabled smtpauth_resrict in CSF and added a small number of country codes to cc_allow_smtpauth.
    This may suffice, I'll monitor for a few days.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    No native features exist in cPanel/WHM that allow you to restrict traffic for specific email accounts. However, I'm happy to see you were able to find a potential solution. Feel free to update this thread with the outcome.

    Thanks!
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Over the last few days, I have seen a remarked drop in number of attempted smtp logins.
    I added only 2 country codes to cc_allow_smtp, I am however still seeing occasional login attempts from countries outside of these two zones.
    I'm not sure at this stage whether this is CSF being fussy over country codes, or if it's just coincidence that the hackers went away for a while.
     
Loading...

Share This Page