Fake messages block pop3d from csf

dimgr · March 24, 2025, 11:45am

I have a problem with the csf firewall.

The ip 5.203.223.198 is mine. Why does it give me a fake message (logs - email) that it is blocking me while I am connected to wsermin (email) normally? It gives me the same message and I can’t be connected. What should I do to solve the problem?

Mar 24 08:14:21 panel lfd[1279966]: Incoming IP 5.203.223.198:110 temporary block removed
Mar 24 08:14:21 panel lfd[1279966]: Incoming IP 5.203.223.198:995 temporary block removed
Mar 24 09:01:12 panel lfd[1294277]: pop3d - 2 logins in 2811 secs from 5.203.223.198 (GR/Greece/Attica/Galatsi/5-203-223-198.pat.nym.cosmote.net/[AS29247 COSMOTE-GR Cosmote Mobile Telecommunications S.A.]) for admin@####.site exceeds 1/hour - Blocked in csf for 789 secs [LT_POP3D]
Mar 24 09:14:23 panel lfd[1298444]: Incoming IP 5.203.223.198:110 temporary block removed
Mar 24 09:14:23 panel lfd[1298444]: Incoming IP 5.203.223.198:995 temporary block removed
Mar 24 09:35:04 panel lfd[1304181]: pop3d - 2 logins in 1241 secs from 5.203.223.198 (GR/Greece/Attica/Galatsi/5-203-223-198.pat.nym.cosmote.net/[AS29247 COSMOTE-GR Cosmote Mobile Telecommunications S.A.]) for admin@****.site exceeds 1/hour - Blocked in csf for 2359 secs [LT_POP3D]

SYSTEM INFORMATION
OS type and version	Ubuntu Linux 24.04.2
Virtualmin version	7.30.8

li9-hst_web-services · March 24, 2025, 2:47pm

You have to put your IPs on the allowed (safe) list.
Use a VPN to use another IP, then sign in and enter your IP on the allowed list.
Then restart csf.
Leave it inactive to make all the settings you want, and then turn it on.

li9-hst_web-services · March 24, 2025, 3:29pm

https://download.configserver.com/csf/readme.txt

dimgr · March 24, 2025, 3:50pm

I can’t put an IP because it’s not static. But why does it say it’s blocked when in reality it’s not? I’ve been logged into usermin (admin email) for over continues 12 hours and it keeps sending me messages.

I read elsewhere that others have the same problem as me, but they haven’t found a solution.

ID10T · March 24, 2025, 7:24pm

Have you asked on the csf forum? There are some users here but this isn’t really a webmin/virtualmin question.

Is this webmin/usermin or the virtualmin stack? What OS?

jimr1 · March 24, 2025, 7:50pm

It’s in post 1

ID10T · March 24, 2025, 7:52pm

Ah. Bottom posted.

But if it is the Virtualmin stack that means the OP decided against the ‘integrated’ and moved to another solution. Recently from what I’ve seen of csf they only want the RHEL and clones and others only grudgingly as indicated by the *. Latest Debian and Ubuntu not even listed. So, there ya go.

dimgr · March 25, 2025, 9:14am

I don’t understand, do you suggest I change the operating system on the server?

stefan1959 · March 25, 2025, 9:19am

Maybe adjust the setting LT_POP3D = “value”

https://www.interserver.net/tips/kb/various-reasons-for-ip-address-block-in-csf/

dimgr · March 25, 2025, 9:24am

Thanks, I’ll look into it.

ID10T · March 25, 2025, 3:46pm

No. I wouldn’t change the OS to support the firewall. I’d simply use the VM supported stack including Fail2ban. Prior versions of Ubuntu are only partially supported by CSF. Your Ubuntu version isn’t listed as supported at all.

dimgr · March 25, 2025, 9:48pm

Yes, now I understand, maybe I’ll finally install Ubuntu 22.

ID10T · March 25, 2025, 10:02pm

Not a good idea in my opinion. Going back a version to install a partially supported OS may not fix the problem. Have you asked the CSF forum for help?

dimgr · March 26, 2025, 8:13am

No, I haven’t asked for help from CSF, I had done this before for another problem and no one answered.

dimgr · March 26, 2025, 10:32am

Which of the 2 is better for server protection, CSF or Fail2ban???

jimr1 · March 26, 2025, 10:47am

neither they both do the same job (firewalld + fail2ban = CSF)

system · May 25, 2025, 10:48am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.