CSF not blocking brute-force attacks on exim2

Joined: 07 Jul 2018, 16:19

Hello everyone,
I have been fighting this issue for a long time. I swear I've spent at least 6+ hours trying to fix it/reading other people's attempts and I can't figure out what is wrong.

To start, I am getting notifications constantly from DirectAdmin stating...
Code:
A brute force attack has been detected in one of your service logs. IP XXX,XXX,XXX,XXX has X failed login attempts: exim2=100

CSF/LFD is set up and running on my CentOS 6 dedicated server and is successfully blocking other attacks.

Here are the settings I believe apply to this situation:
Code:
SMTP_PORTS = "25,465,587"
SMTP_ALLOWGROUP = "mail,mailman"

SMTPAUTH_LOG = "/var/log/exim/mainlog"

I also tried the following:
Code:
SMTPAUTH_LOG = "/var/log/exim/rejectlog"

Both log files above exist and are populated. Here is a sample line from maillog:
Code:
2018-06-11 05:31:09 login authenticator failed for (User) [XXX.XXX.XXX.XXX]: 535 Incorrect authentication data (set_id=smtp@removed.com)

I've tried tons of different settings/tweaks, restarting both csf + lfd each time. I'm clueless as to why this isn't working. I would really appreciate any help, as right now I am getting tons of emails every week and I am having to manually add IP addresses to ip.deny.

Thanks for any help you can provide.
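
A way to check which log file actually carries failure lines in the shape quoted in the post, and which source IPs cross a threshold (added example, not part of the original post and not CSF/LFD's own matching code). The regex, the `threshold` value, the function name and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumed pattern for exim "authenticator failed" lines shaped like the one in the post.
# Tolerates an optional hostname, an optional (HELO) and an optional :port after [ip].
AUTH_FAIL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<auth>\S+) authenticator failed for "
    r"(?:\S+ )?(?:\([^)]*\) )?"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\](?::\d+)?"
    r".*?: 535 Incorrect authentication data"
    r"(?: \(set_id=(?P<account>[^)]*)\))?"
)

def failed_logins(lines, threshold=5):
    """Return ({ip: count} for IPs at or over threshold, auth-failure lines the pattern missed)."""
    counts = Counter()
    unmatched = []
    for line in lines:
        m = AUTH_FAIL.match(line)
        if m:
            counts[m.group("ip")] += 1
        elif "authenticator failed" in line:
            # A failure line in a different shape: a log-format mismatch worth inspecting.
            unmatched.append(line)
    offenders = {ip: n for ip, n in counts.items() if n >= threshold}
    return offenders, unmatched

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    "2018-06-11 05:31:09 login authenticator failed for (User) [192.0.2.10]: 535 Incorrect authentication data (set_id=smtp@example.com)",
    "2018-06-11 05:31:10 login authenticator failed for (User) [192.0.2.10]:51234: 535 Incorrect authentication data (set_id=info@example.com)",
    "2018-06-11 05:31:11 plain authenticator failed for mail.example.net (User) [192.0.2.10]: 535 Incorrect authentication data",
    "2018-06-11 05:31:12 login authenticator failed for (User) [203.0.113.7]: 535 Incorrect authentication data (set_id=test@example.com)",
    "2018-06-11 05:31:13 1fSabc-0001Xy-2B <= user@example.com H=localhost [127.0.0.1] P=esmtp S=512",
    "2018-06-11 05:31:15 plain authenticator failed for (User): 535 Incorrect authentication data",
]

if __name__ == "__main__":
    offenders, unmatched = failed_logins(SAMPLE, threshold=3)
    for ip, n in sorted(offenders.items()):
        print(f"{ip} {n} failed SMTP AUTH attempts")
    for line in unmatched:
        print("unrecognised failure line:", line)
```

Running it against each candidate file (mainlog, rejectlog) shows which one contains the failures; lines reported as unrecognised point to a log format that differs from the sample.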