E-mail Notifications appearing for denied IP ranges - update change?

1 post Page 1 of 1
Asiaplay
Junior Member
Posts: 2
Joined: 08 Nov 2018, 14:39


Hi Team,

I have added "177.0.0.0/8 # BR/Brazil/NA. do not delete" to our deny list of IPs.

Normally when a range is blocked, then I don't continue to get e-mail notifications for that denied range... however recently I am getting notifications for repeated hacks for IP Addresses that are blocked on the deny list of IPs
Is there a way to ONLY get notifications of NEW IP Address hack attempts? (I.E. not for those IPs already permanently blocked by deny list?)

Also is there any limit to the IP Bock range used? ... E.g. when a large range (E.g. /8) is set in the deny IPs list, will they be denied (or is this over the maximum block size CSF can use... I ask as e-mail notifications IP attack attempts for IPs already permanent "do not delete" in deny list (IP range example .177.0.0.0/8), are still sending notification e-mails (previously when IP is already in deny list then no notification is sent!)

E.g. for "do not delete" denied IP range example .177.0.0.0/8, the following notification was sent..

Time: Thu Nov 8 01:43:30 2018 +0800
IP: 177.135.73.42 (BR/Brazil/dotcomtelecom.static.gvt.net.br)
Failures: 1 (imapd)
Interval: 3500 seconds
Blocked: Permanent Block [LF_IMAPD]

Log entries:

Nov 8 01:43:24 server dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<xxxx@xxxx.com>, method=PLAIN, rip=177.135.73.42, lip=xxx.xxx.xxx.xxx, session=<4QVSpxZ6XK+xh0kq>

Any ideas?

PS: CENTOS 6.10 standard [server] v74.0.10
1 post Page 1 of 1