It's possible to do this from a simple bash command, but it might be useful to less skilled users to have an option where LFD can also add an IP ban to Cloudflare when the user provides an API key.
Might be too much to maintain for permanent rules; maybe make it part of the tempban feature?
When the feature is enabled, csf -td or csf -tr could also do the API call to Cloudflare.
While MailScanner does not provide protection for outgoing spam, I guess it could send some alerts when the EXIM queue size reaches a size that could suggest spam is being sent.
Your netblock function counts the number of block episodes within a class.
I would like one that counts by number of unique IP addresses within a class.
So this didn't work as *I* had intended. By your mentioning ddos mitigation it is clear that you meant this to be used against rapid fire bombardment. I, on the other hand, thought it would be useful to block repeat offender bullet-proof type hosting...
I'm using ConfigServer MailScanner Front-End where client IPs can be blocked by adding an entry into csf.deny. I've been blocking the IPs for the persistent low scoring spam emails.
It is my understanding that due to the upper limit of IPs in csf.deny, the IPs for blocked emails will eventually get rotated out of the file.
Would it be worthwhile to consider having a separate file that could...
Hello,
99% of my distributed smtpauth attack alerts are for 535 Incorrect authentication. It would be nice if the alert is sent only when successful access to the email account is detected.
I believe this entry should be considered for removal. The base_30days.txt file no longer exists, and by visiting and searching the internet (i.e., openbl.org's Twitter page), it appears the company has gone under, for financial reasons.
When the openbl.org blocklist is enabled, in the /var/log/lfd.log file, every 30...
In its current form, CSF (when configured to also block outgoing connections) will add IP blocks as a DROP rule for outgoing connections. Outgoing connections should never be dropped. This can lead to a myriad of issues in the right environment, and at least a few issues in most environments.
A DROP rule in iptables does not send an error/rejection packet back to the...
How about a feature to permanently block IPs by putting them in something like csf.pdeny?
Right now if the deny_ip_limit is set at 100 and then if all the 100 IPs are filled up and CSF starts removing from the oldest IP blocked order the ones at the top get removed. But there are certain IPs which I would like to keep permanently blocked even if the limit has been reached and csf removes the oldest...
Create a field in the CSF UI where you can input custom IP rules.
Ideal would be to click some options such as connection limit, rate limit, inbound, outbound, ports, etc.
I came to this idea after searching for a way to limit 1 IP address which is hammering my server. But I don't want to block this IP nor do I want to limit all IP addresses in general.
It would be nice if we could whitelist countries so that they don't get blocked by the failed logins. Most of the time our customers set up Outlook or similar clients, and after an email password is changed IMAP / SMTP blocks them.
Since most of the time hackers use compromised servers or anonymous proxies in USA, China, Germany... it should be easy if we could avoid LFD to act on IPs based on...
Hi all,
I am wondering if I have forgotten something in my configuration for my cluster set-up?
Cluster_Sendto has all 4 IPs, Cluster Recvfrom, all 4 IPs, Cluster block = on, Cluster config = off
Same config on all 4 servers.
4 servers are in the cluster. It works partly fine, but it is not blocking IPs from LFD and Network Classes.