How did this happen?

[LukeDouglas]

I got an email from the server with this line:
'admin@DOMAIN.COM' to access service 'mail' from IP '155.133.82.177': 31 Time(s)
dovecot: auth: Error: Cpanel::MailAuth: cphulk incremented the failure count for user

However, I have this in my deny list:
155.133.0.0/16 # Error: Cpanel::MailAuth: cphulk Poland Thu Apr 28 13:00:00 2025 DO NOT DELETE

So pray tell me how the user from the IP 155.133.82.177 even had access to anything on the server?

FYI, there is no IP beginning with '155.' in the allow list at all.

Is ConfigServer a reliable firewall or are there other circles or loops I have to go through to ensure that NO ONE from an ip 155.133.0.0-155.133.255.255 gets access to 'anything' on my server?

[sawbuck]

Yes, CSF is an excellent product with frequent updates made available at no cost from one of the premier Internet companies.

I would try adding 155.132.0.0/15 in addition to 155.133.0.0/16