Firewall blocking due to too many email connections

GregW

(novice here)

I have been trying to figure out why we are being firewall blocked and have narrowed it down to too many email connections as we have quite a few email addresses that could be checking for new mail at the same time. To fix it, I have to go into the firewall settings and allow the IP address (via a nonlinked device using a separate IP). I don't have and can't obtain a static IP address.

Is there a setting in the Firewall at the admin level I can adjust up or down to see if that is in fact the issue and see if it resolves it? Ports in use for email are 993 incoming (IMAP) and outgoing 465 (SMTP).

Thanks for any advice.
 
###############################################################################
# SECTION:Connection Tracking
###############################################################################
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around 300.
#
# To disable this feature, set this to 0
CT_LIMIT = "0"

Check for line number in the config file: /etc/csf/csf.conf
 
Sorry, I have been away.

So if it is 0, as in disabled, why do my IPs get blocked?

If I increase it to 100, will that be the solution?
 
If you have CT_LIMIT = "0" it is disabled so it does not block your IP-address for too many connections. You can also set CT_LIMIT = "100" and only count specific ports (e.g. 80,443) by adding them in CT_PORTS = "80,443". This way 100+ connections to IMAP or SMTP will not be blocked.

Also check if your IP-address is not blocked by attempts with wrong credentials. For SMTP and IMAP you will find those settings in LF_SMTPAUTH, LF_SMTPAUTH_PERM, LF_IMAPD, LF_IMAPD_PERM.

Best is to check your lfd.log to see what's going on.
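
An added example, not part of the reply above: a shell function that counts, per trigger name, the lfd.log block entries for one IP, so you can tell a CT_LIMIT block from an LF_IMAPD or LF_SMTPAUTH one. The log line layout (a trailing `*Blocked in csf* [TRIGGER]` tag) is an assumption, the sample lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes each lfd block entry ends in
# "*Blocked in csf* [TRIGGER]"; adjust the patterns if your log differs.

# lfd_block_reasons <logfile> <ip>  ->  prints "TRIGGER count" per trigger
lfd_block_reasons() {
    awk -v ip="$2" '
        /\*Blocked in csf\*/ {
            # Match the IP as a whole field so 203.0.113.5 does not
            # also match 203.0.113.50.
            hit = 0
            for (i = 1; i <= NF; i++) if ($i == ip) hit = 1
            if (!hit) next
            # The trigger name is the bracketed tag at the end of the line.
            if (match($0, /\[[A-Z_]+\][ \t]*$/)) {
                t = substr($0, RSTART + 1, RLENGTH - 1)
                sub(/\][ \t]*$/, "", t)
                count[t]++
            }
        }
        END { for (t in count) printf "%s %d\n", t, count[t] }
    ' "$1" | sort
}

# Constructed sample log lines (documentation IP ranges, made-up host/PIDs).
write_sample_log() {
    cat > "$1" <<'EOF'
Aug 12 09:14:02 host lfd[2211]: (imapd) Failed IMAP login from 203.0.113.5 (XX/Example/-): 10 in the last 3600 secs - *Blocked in csf* [LF_IMAPD]
Aug 12 10:40:19 host lfd[2302]: (smtpauth) Failed SMTP AUTH login from 203.0.113.5 (XX/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SMTPAUTH]
Aug 12 11:05:41 host lfd[2350]: (CT) IP 203.0.113.50 (XX/Example/-) found to have 120 connections - *Blocked in csf* [CT_LIMIT]
Aug 13 08:01:10 host lfd[2411]: (imapd) Failed IMAP login from 203.0.113.5 (XX/Example/-): 10 in the last 3600 secs - *Blocked in csf* [LF_IMAPD]
Aug 13 08:02:00 host lfd[2411]: csf: unrelated housekeeping line for 203.0.113.5
EOF
}

# Demo on the constructed sample; on a server, pass the real lfd.log path.
log=$(mktemp)
write_sample_log "$log"
lfd_block_reasons "$log" 203.0.113.5
rm -f "$log"
```

If the only trigger reported for your IP is an LF_* login-failure one, raising CT_LIMIT will not change anything.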
 