How to ignore specific email address check

Post Reply
AndyB78
Junior Member
Posts: 11
Joined: 14 Nov 2013, 17:55

How to ignore specific email address check

Post by AndyB78 »

Hi,

Is there some way to ignore checks for a specific email address?

My situation is that one of our cPanel users had an email address for an employee. The employee is gone, the address was deleted but the ex-employee still checks the address a thousands of time a day and they keep banning some important IP addresses. We have whitelisted the respective ranges but now we are getting many hundreds "Permanent Block (IP match in csf.allow, block may not work)" each day.

Asking the ex-employee to stop checking the address is not an option.

Regards!
bouvrie
Junior Member
Posts: 16
Joined: 23 Nov 2011, 09:49

Re: How to ignore specific email address check

Post by bouvrie »

Bumping this question, as I have the same situation.

Is there any way to have LFD ignore specific Email addresses triggering an IP block? I tried expanding the Logignore file, but apparently this doesn't have any effect?

Code: Select all

...

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dovecot: imap-login: Aborted login (auth failed.+: user=<email@domain.com>
Sergio
Junior Member
Posts: 1440
Joined: 12 Dec 2006, 14:56

Re: How to ignore specific email address check

Post by Sergio »

As this is not a MailScanner issue but cPanel, the only way that I found to manage this type of situation is to let the email account to exist with the actual password that the user had to check the email.

Then in cPanel I suspend the send and receive options, so, even if the employee can access the email account he will not be able to send and receive emails. That way the IPs will never be blocked and the employee could not use the account.

Sergio
loadfactor
Junior Member
Posts: 2
Joined: 30 Apr 2018, 01:54

Re: How to ignore specific email address check

Post by loadfactor »

I've got two scenarios where this is a big problem. The first is a user who has some old forgotten device that's pulling mail. User gets a new device, changes password. Old device triggers lfd, user gets their address blocked. Repeat until permanently blocked. I had one user who took months to find an old tablet that was doing this.
The second is some user with a cell that has a bad mail password. As they move around, they get blocked on numerous addresses in the same C class, and lfd issues a net block. This disconnects a busy urban cell tower and more users have problems.
Where is lfd getting this data if not from the log files?
Post Reply