help - ConfigServer Security & Firewall - csf v14.17

[TestUser]

Hey all.
i have a fresh OS and DA install for my email server.
All is good, except when i enable firewall some users IPS get blocked and then email stop working for them.
Seems they have a wrong pass on some device...
How could i resolve this from my side?
i have enabeled CC_ALLOW for my country
but the users still gets bloked.
Any ideas highly apreciated!

 

[Zhenyapan]

there are two ways:
- disable failed attempts check and make server less secured
- make users to update their configs with correct credentials

 

[TestUser]

ok,
is it possible to disable failed attempts check for actual users but not for all other atempts?
I see there are a lot of general atempts to login

 

[Richard G]

There is an option to whitelist ip's. That could be used for whitelisting customer ip's. But I would advise against it.
Customers should just take care they have their credentials in order, it's for the benefit of the other customers but also for themselves, because that way you can keep your security optimal.

 

[Dettol]

I remember "CC_ALLOW" need you to get a license code via MaxMind(GeoIP2 Databases) to make it work...

You better to enter your license code in csf and use it.

 

[Ohm J]

@Dettol nope... don't need if you select other API, MaxMind is just one of them in the past ( Don't need API key). but something change in maxmind due Abused ..

 

[johannes]

there are 2 files to whitelist IPs in CSF: csf_allow and lfd_ignore

 

[Richard G]

and lfd_ignore

it's csf.ignore and csf.allow with dots.