IP Address blocked in csf – (exim mail server)

 cPanel Server Management

Error Details: csf.deny: 192.168.4.10 # lfd: (eximsyntax) Exim syntax errors from 192.168.4.10 (MW/Malawi/-): 10 in the last 3600 secs

Solutions:

From Command Line Interface,

—> Check the lfd.log file

# grep 192.168.4.10 /var/log/lfd.log

Grep: Filtering command is used to search a file for a particular pattern of character and display all the lines that contain the pattern.

lfd[3915411]: (eximsyntax) Exim syntax errors from 192.168.4.10 (MW/Malawi/-): 10 in the last 3600 secs - Blocked in csf [LF_EXIMSYNTAX]

As per the above result, The given IP is blocked by the CSF Firewall.

NOTE: The IP block occurs when incorrect data is sent to the mail server from our IP, and the most frequent cases are usually with the recipient’s email address. 

—> Whitelist (i.e allow) the IP in CSF firewall.

#csf -a 192.168.4.10

csf – command.

a – allow.

#csf -r

r- restart the csf and lfd service.

NOTE: Don’t forget to restart the CSF service after making changes if not the changes won’t update.

—> If the problem occurs again, Check the Exim reject log.

# grep 192.168.4.10 /var/log/exim_rejectlog

SMTP call from (Secretary) [192.168.4.10]:51488 dropped: c (last command was “RCPT TO: <‘one@example.com’>”, C=EHLO,STARTTLS,EHLO,AUTH,MAIL,RCPT,RCPT,RCPT,RCPT)

The result shows that the recipient (i.e RCPT TO) address is mentioned in single quotations.

NOTE: This type of error usually happens when we copy-paste the email address on the email application. Please make sure there wasn’t any quotation on the sender/recipient address.

—> If the problem is again triggered, after getting the confirmation from the client, Go into the configuration, to the “Login Failure Blocking and Alerts” section. Setting “LF_EXIMSYNTAX” and “LF_EXIMSYNTAX_PERM” to 0, saving, and restarting CSF/LFD should take care of it.

# vi /etc/csf/csf.conf

LF_EXIMSYNTAX = 0

LF_EXIMSYNTAX_PERM = 0

:wq –> to save the file

# csf -r

cPanel Server Management