Search found 70 matches

Search found 70 matches Page 2 of 7
by keat63
17 May 2018, 10:32
Forum: General Discussion (csf)
Topic: Blocked IP still comes back
Replies: 1
Views: 436

I see in my logs a small number of failed logins from an IP, which is blocked in CSF at 00:04am xxxx.xxx.xxx.xxx # lfd: (smtpauth) Failed SMTP AUTH login from xxx.xxx.xxx.xx. (AU/Australia/New South Wales/Sydney/xxx.xxx.xxx.xx.static.exetel.com.au): 1 in the last 3600 secs - Mon May 14 00:04:44 2018...
by keat63
11 Apr 2018, 08:20
Forum: General Discussion (csf)
Topic: Custom REGEX rules for CSF.
Replies: 48
Views: 56584

Using Host Access Control in WHM, its possible to restrict Cpanel login to specific IP or range of IP's. However, any unauthorised log in attempts will generate the following warning: "Dropping connection from xxx.xxx.xxx.xxx because of tcp_wrappers at cpsrvd.pl line ####" There are no restrictions ...
by keat63
04 Apr 2018, 11:15
Forum: General Discussion (csf)
Topic: really could do with some help on a custom filter
Replies: 1
Views: 541

I've scoured the custom regex thread and it doesn't matter how many times i read it, it makes absolutely no logical sense to me.
I think writing my own regex is out of the question.
by keat63
03 Apr 2018, 08:16
Forum: General Discussion (csf)
Topic: really could do with some help on a custom filter
Replies: 1
Views: 541

Returning to work today, I see multip[le attempts over a number of days of someone trying to log in to cpanel.

Dropping connection from xxx.xxx.xxx.xxx because of tcp_wrappers at cpsrvd.pl line 3622

Is anyone able to help me write a custom rule which will block the offending IP.
by keat63
22 Jan 2018, 13:25
Forum: MailScanner Front-End
Topic: Change messages
Replies: 2
Views: 1459

thanks
by keat63
19 Jan 2018, 09:38
Forum: MailScanner Front-End
Topic: Change messages
Replies: 2
Views: 1459

does anyone know where to change this message please. This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "PO KCTCN1104863.jar" is on the list of unacceptable attachments for this...
by keat63
03 Jul 2017, 13:27
Forum: General Discussion (csf)
Topic: CSF blocking Google Image Proxy Server
Replies: 3
Views: 1332

Try clearing out the blocked IP's and stat with a fresh blocklist.
This may help identify google.
by keat63
03 Jul 2017, 13:19
Forum: General Discussion (csf)
Topic: Best practices hardening a Cpanel / WHM Setup?
Replies: 1
Views: 795

Whitelist your IP in CSF. Using host access control (cpanel) allow ssh access to your IP or IP's, then deny SSH to all. Then change the port number to something else. https://forums.cpanel.net/threads/change-ssh-port-via-whm.108197/ In csf, configure ssh logins to something really low like 3 strikes...
by keat63
30 Jun 2017, 15:25
Forum: MailScanner Front-End
Topic: can anyone suggest a custom SA rule
Replies: 5
Views: 1791

After a number of experiments and waiting for these emails to arrive, I may have figured it out.
Just in case anyone else needs this, this is what I came up with.

header FROM_YOURRULENAME ALL =~ /mydomain\.co\.uk@/i
score FROM_YOURRULENAME 0.1

Giving it a very low score for testing purposes.
by keat63
30 Jun 2017, 14:33
Forum: MailScanner Front-End
Topic: SpamAssissin Lint test erro
Replies: 0
Views: 708

I'm seeing this error when doing a MailScanner lint test. (mailscanner nor SA)
Is it important and if so, how do I fix it.

ERROR: The "envelope_sender_header" in your spamassassin.conf
ERROR: is not correct, it should match X-cPanel-MailScanner-From
Search found 70 matches Page 2 of 7