CSF / LFD not blocking "list matching forced to fail: failed to find host name" exim syntax

1 post Page 1 of 1
houseofgeek
Junior Member
Posts: 2
Joined: 30 Apr 2018, 06:43


Hi guys,

CSF is blocking SMTP login attempts fine, but LF_EXIMSYNTAX=10 and LF_EXIMSYNTAX_PERM=1 don't seem to be stopping EXIM attacks. Below is an excerpt from my exim_mainlog. These two IP addresses (181.214.206.20 and 181.214.206.133) have been hitting the server with these requests hundreds of times but haven't been blocked. Shouldn't multiple "list matching forced to fail: failed to find host name" failures have triggered an IP block?



2018-05-08 23:22:18 [21336] SMTP connection from [181.214.206.20]:1238 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:22:18 [23844] no host name found for IP address 181.214.206.20
2018-05-08 23:22:18 [23844] list matching forced to fail: failed to find host name for 181.214.206.20
2018-05-08 23:22:18 [23844] list matching forced to fail: failed to find host name for 181.214.206.20
2018-05-08 23:22:33 [23844] SMTP connection from [181.214.206.20]:1238 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:22:33 [23844] no MAIL in SMTP connection from [181.214.206.20]:1238 I=[xxx.xxx.xxx.xxx]:25 D=15s

2018-05-08 23:24:40 [21336] SMTP connection from [181.214.206.133]:11942 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:24:41 [24091] no host name found for IP address 181.214.206.133
2018-05-08 23:24:41 [24091] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:24:41 [24091] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:24:55 [24091] SMTP connection from [181.214.206.133]:11942 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:24:55 [24091] no MAIL in SMTP connection from [181.214.206.133]:11942 I=[xxx.xxx.xxx.xxx]:25 D=15s

2018-05-08 23:27:25 [21336] SMTP connection from [181.214.206.133]:61288 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:27:25 [24416] no host name found for IP address 181.214.206.133
2018-05-08 23:27:25 [24416] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:27:25 [24416] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:27:40 [24416] SMTP connection from [181.214.206.133]:61288 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:27:40 [24416] no MAIL in SMTP connection from [181.214.206.133]:61288 I=[xxx.xxx.xxx.xxx]:25 D=15s

2018-05-08 23:27:40 [21336] SMTP connection from [181.214.206.20]:51864 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:27:40 [24417] no host name found for IP address 181.214.206.20
2018-05-08 23:27:40 [24417] list matching forced to fail: failed to find host name for 181.214.206.20
2018-05-08 23:27:40 [24417] list matching forced to fail: failed to find host name for 181.214.206.20
2018-05-08 23:27:55 [24417] SMTP connection from [181.214.206.20]:51864 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:27:55 [24417] no MAIL in SMTP connection from [181.214.206.20]:51864 I=[xxx.xxx.xxx.xxx]:25 D=15s


2018-05-08 23:30:09 [21336] SMTP connection from [181.214.206.133]:46210 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:30:10 [24492] no host name found for IP address 181.214.206.133
2018-05-08 23:30:10 [24492] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:30:10 [24492] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:30:24 [24492] SMTP connection from [181.214.206.133]:46210 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:30:24 [24492] no MAIL in SMTP connection from [181.214.206.133]:46210 I=[xxx.xxx.xxx.xxx]:25 D=15s


2018-05-08 23:32:54 [21336] SMTP connection from [181.214.206.133]:31216 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:32:54 [24881] no host name found for IP address 181.214.206.133
2018-05-08 23:32:54 [24881] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:32:54 [24881] list matching forced to fail: failed to find host name for 181.214.206.133

2018-05-08 23:33:02 [21336] SMTP connection from [181.214.206.20]:37920 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 2)
2018-05-08 23:33:02 [24900] no host name found for IP address 181.214.206.20
2018-05-08 23:33:02 [24900] list matching forced to fail: failed to find host name for 181.214.206.20
2018-05-08 23:33:02 [24900] list matching forced to fail: failed to find host name for 181.214.206.20
2018-05-08 23:33:09 [24881] SMTP connection from [181.214.206.133]:31216 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:33:09 [24881] no MAIL in SMTP connection from [181.214.206.133]:31216 I=[xxx.xxx.xxx.xxx]:25 D=15s
2018-05-08 23:33:17 [24900] SMTP connection from [181.214.206.20]:37920 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:33:17 [24900] no MAIL in SMTP connection from [181.214.206.20]:37920 I=[xxx.xxx.xxx.xxx]:25 D=15s

2018-05-08 23:35:37 [21336] SMTP connection from [181.214.206.133]:16096 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:35:37 [25172] no host name found for IP address 181.214.206.133
2018-05-08 23:35:37 [25172] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:35:37 [25172] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:35:52 [25172] SMTP connection from [181.214.206.133]:16096 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:35:52 [25172] no MAIL in SMTP connection from [181.214.206.133]:16096 I=[xxx.xxx.xxx.xxx]:25 D=15s
2018-05-08 23:38:22 [21336] SMTP connection from [181.214.206.133]:1098 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:38:23 [25466] no host name found for IP address 181.214.206.133
2018-05-08 23:38:23 [25466] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:38:23 [25466] list matching forced to fail: failed to find host name for 181.214.206.133

2018-05-08 23:38:24 [21336] SMTP connection from [181.214.206.20]:23960 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 2)
2018-05-08 23:38:24 [25469] no host name found for IP address 181.214.206.20
2018-05-08 23:38:24 [25469] list matching forced to fail: failed to find host name for 181.214.206.20
2018-05-08 23:38:24 [25469] list matching forced to fail: failed to find host name for 181.214.206.20
2018-05-08 23:38:37 [25466] SMTP connection from [181.214.206.133]:1098 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:38:37 [25466] no MAIL in SMTP connection from [181.214.206.133]:1098 I=[xxx.xxx.xxx.xxx]:25 D=15s
2018-05-08 23:38:39 [25469] SMTP connection from [181.214.206.20]:23960 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:38:39 [25469] no MAIL in SMTP connection from [181.214.206.20]:23960 I=[xxx.xxx.xxx.xxx]:25 D=15s


2018-05-08 23:41:06 [21336] SMTP connection from [181.214.206.133]:50462 I=[xxx.xxx.xxx.xxx]:25 (TCP/IP connection count = 1)
2018-05-08 23:41:06 [25873] no host name found for IP address 181.214.206.133
2018-05-08 23:41:06 [25873] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:41:06 [25873] list matching forced to fail: failed to find host name for 181.214.206.133
2018-05-08 23:41:21 [25873] SMTP connection from [181.214.206.133]:50462 I=[xxx.xxx.xxx.xxx]:25 lost
2018-05-08 23:41:21 [25873] no MAIL in SMTP connection from [181.214.206.133]:50462 I=[xxx.xxx.xxx.xxx]:25 D=15s
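
For triaging the pattern in the excerpt above, an added example (not part of the original post, and not CSF/LFD's own matching logic): it tallies, per source IP, sessions that logged "failed to find host name" and then closed with "no MAIL", correlating the lines by the bracketed process id. The sample lines are constructed with documentation-range addresses; the function names and the threshold argument are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the exim_mainlog layout shown in the post
# (documentation-range addresses, interleaved sessions, doubled lines).
SAMPLE = """\
2018-05-08 23:33:00 [21336] SMTP connection from [192.0.2.10]:31216 I=[198.51.100.1]:25 (TCP/IP connection count = 1)
2018-05-08 23:33:00 [24881] no host name found for IP address 192.0.2.10
2018-05-08 23:33:00 [24881] list matching forced to fail: failed to find host name for 192.0.2.10
2018-05-08 23:33:00 [24881] list matching forced to fail: failed to find host name for 192.0.2.10
2018-05-08 23:33:02 [24900] list matching forced to fail: failed to find host name for 192.0.2.20
2018-05-08 23:33:15 [24881] no MAIL in SMTP connection from [192.0.2.10]:31216 I=[198.51.100.1]:25 D=15s
2018-05-08 23:33:17 [24900] no MAIL in SMTP connection from [192.0.2.20]:37920 I=[198.51.100.1]:25 D=15s
2018-05-08 23:35:37 [25172] list matching forced to fail: failed to find host name for 192.0.2.10
2018-05-08 23:35:52 [25172] no MAIL in SMTP connection from [192.0.2.10]:16096 I=[198.51.100.1]:25 D=15s
2018-05-08 23:36:00 [25200] no MAIL in SMTP connection from [192.0.2.30]:4000 I=[198.51.100.1]:25 D=2s
"""

# "<date> <time> [<pid>] <message>" as logged in the excerpt
LINE = re.compile(r"^\S+ \S+ \[(\d+)\] (.*)$")
NO_RDNS = re.compile(r"^list matching forced to fail: failed to find host name for (\S+)$")
NO_MAIL = re.compile(r"^no MAIL in SMTP connection from \[([^\]]+)\]:\d+ ")

def count_probe_sessions(log_text):
    """Per IP, count sessions that failed reverse DNS and ended without MAIL."""
    pending = {}                 # pid -> IP whose host name lookup failed
    counts = defaultdict(int)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m.groups()
        if (r := NO_RDNS.match(msg)):
            pending[pid] = r.group(1)      # the doubled log line collapses here
        elif (n := NO_MAIL.match(msg)):
            # pop() also clears state so a reused pid starts clean
            if pending.pop(pid, None) == n.group(1):
                counts[n.group(1)] += 1
    return dict(counts)

def over_threshold(counts, threshold):
    """IPs with at least `threshold` such sessions (threshold is caller-chosen)."""
    return sorted(ip for ip, c in counts.items() if c >= threshold)

if __name__ == "__main__":
    tally = count_probe_sessions(SAMPLE)
    print(tally, over_threshold(tally, 2))
```
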