I have been fighting this issue for a long time. I swear I've spent at least 6+ hours trying to fix it/reading other people's attempts and I can't figure out what is wrong.
To start, I am getting notifications constantly from DirectAdmin stating...

    A brute force attack has been detected in one of your service logs. IP XXX,XXX,XXX,XXX has X failed login attempts: exim2=100

CSF/LFD is set up and running on my CentOS 6 dedicated server and is successfully blocking other attacks.
Here are the settings I believe apply to this situation:

    SMTP_BLOCK = "0"
    SMTP_ALLOWLOCAL = "1"
    SMTP_REDIRECT = "0"
    SMTP_PORTS = "25,465,587"
    SMTP_ALLOWUSER = ""
    SMTP_ALLOWGROUP = "mail,mailman"
    SMTPAUTH_RESTRICT = "0"
    LF_SMTPAUTH = "5"
    LF_SMTPAUTH_PERM = "1800"
    LF_EXIMSYNTAX = "10"
    LF_EXIMSYNTAX_PERM = "1"
    SMTPAUTH_LOG = "/var/log/exim/mainlog"

I also tried the following:

    SMTPAUTH_LOG = "/var/log/exim/rejectlog"

Both log files above exist and are populated, here is a sample line from maillog:

    2018-06-11 05:31:09 login authenticator failed for (User) [XXX.XXX.XXX.XXX]: 535 Incorrect authentication data (firstname.lastname@example.org)

I've tried tons of different settings/tweaks, restarting both csf + lfd each time. I'm clueless on why this isn't working. I would really appreciate any help, as right now I am getting tons of emails every week and I am having to manually add IP addresses to ip.deny.
Thanks for any help you can provide.
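
A diagnostic for the situation described in the post, added here as an example (it is not part of the original post and not LFD's own code): it scans Exim log lines of the form quoted above and reports which source addresses reach the LF_SMTPAUTH threshold of 5. The regular expression, the one-hour counting window, the function name and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Pattern modelled on the sample line in the post; it is an assumption,
# not the expression LFD itself uses.
FAILED_AUTH = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<auth>\S+) authenticator failed for .*?\[(?P<ip>[^\]]+)\]"
    r"(?::\d+)?: 535 Incorrect authentication data"
)

def offenders(lines, threshold=5, window=timedelta(hours=1)):
    """Return {ip: peak failures inside any `window`} for IPs reaching `threshold`."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest count seen inside one window
    for line in lines:
        m = FAILED_AUTH.match(line)
        if not m:
            continue              # not an SMTP AUTH failure line
        try:
            ip = str(ip_address(m["ip"]))
        except ValueError:
            continue              # masked or malformed address
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# Constructed sample input (documentation address ranges), not real log data.
SAMPLE = [
    f"2018-06-11 05:31:{s:02d} login authenticator failed for (User) "
    "[192.0.2.10]: 535 Incorrect authentication data (user@example.org)"
    for s in range(0, 12, 2)
] + [
    "2018-06-11 05:40:00 plain authenticator failed for (mail) [198.51.100.7]: "
    "535 Incorrect authentication data (test@example.org)",
    "2018-06-11 05:41:00 1fSabc-0001Xy-2Z <= user@example.org H=(host) [203.0.113.5] P=esmtpsa",
]

if __name__ == "__main__":
    for ip, n in offenders(SAMPLE).items():
        print(f"{ip}: {n} failed SMTP AUTH attempts")
```

Feeding it the lines of each file tried as SMTPAUTH_LOG shows whether that file actually contains failure lines in this format and which addresses would cross the threshold.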