Hi there, I’ve been using CentOS Web Panel for a couple of years, and it’s amazing what a simple panel can accomplish. CentOS Web Panel is an excellent panel for managing domain names and subdomains, databases, users and email accounts. It gives you full control over your own web server, including the latest PHP and Apache versions. Today I want to share a way to automatically block IP addresses that repeatedly fail email logins, using CSF (Config Server Firewall), to protect your email accounts and your clients’ email accounts from these attacks.
Step #1: Edit CSF Config File
You need to define the log file so that CSF can check it and block the offending IP addresses. I’ll use “nano” to edit the file; you can use your favorite editor.
nano /etc/csf/csf.conf
Set the mail log as CUSTOM2_LOG:
CUSTOM2_LOG = "/var/log/maillog"
Step #2: Edit Regex Custom Rules
You need to add a custom regex rule to the CSF Custom Rules File:
nano /usr/local/csf/bin/regex.custom.pm
Add the rule below between “Do not edit before this point” and “Do not edit beyond this point”.
# Return values: message, offending IP, unique rule ID, trigger level (failures), port(s) to block, "1" = permanent block
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","1");
}
Step #3: Restart the Firewall
Lastly, restart the firewall:
csf -r
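To check what the rule will and will not catch, it can be dry-run against log lines. This is an added example, not part of the original post: it applies the same pattern from Step #2 in Python (whose regex engine accepts it unchanged) to constructed sample lines, counts matches per IP against the rule's trigger of 3, and lists failure lines the pattern does not cover. It is a simplification that ignores the time window lfd counts within.

```python
import re
from collections import Counter

# Same pattern as the rule added to regex.custom.pm in Step #2.
RULE = re.compile(
    r"^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\[\d+\]: warning:.*"
    r"\[(\d+\.\d+\.\d+\.\d+)\]: SASL [A-Z]*? authentication failed"
)
TRIGGER = 3  # fourth return value of the rule ("3")

# Constructed sample lines using documentation addresses, not real log data.
SAMPLE_LOG = """\
Mar  3 10:15:41 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 10:15:44 mail postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 10:15:49 mail postfix/smtpd[2104]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed:
Mar  3 10:16:02 mail postfix/smtpd[2107]: warning: host.example[198.51.100.23]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 10:16:10 mail postfix/submission/smtpd[2110]: warning: unknown[192.0.2.55]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 10:16:15 mail postfix/smtpd[2112]: warning: unknown[2001:db8::9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  3 10:16:20 mail postfix/smtpd[2113]: connect from unknown[203.0.113.7]
"""

def dry_run(log_text, trigger=TRIGGER):
    """Return (hits per IP, IPs at or over the trigger, failure lines the rule misses)."""
    hits, missed = Counter(), []
    for line in log_text.splitlines():
        m = RULE.search(line)  # Perl's =~ is an unanchored search as well
        if m:
            hits[m.group(1)] += 1
        elif "authentication failed" in line:
            # A failed login that the pattern does not cover.
            missed.append(line)
    blocked = sorted(ip for ip, n in hits.items() if n >= trigger)
    return hits, blocked, missed

if __name__ == "__main__":
    hits, blocked, missed = dry_run(SAMPLE_LOG)
    for ip, n in hits.items():
        print(f"{ip}: {n} matching failure(s)")
    print("would be blocked:", blocked)
    print("failure lines NOT matched by the rule:")
    for line in missed:
        print("  ", line)
```

The two unmatched lines in the sample are a failure logged under the postfix/submission/smtpd service name and one from an IPv6 client; the pattern requires postfix/smtpd and a dotted IPv4 address.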
Results
Want to know even more about it? Doubts? Leave a comment.
Finally! It actually works!