Login Tracking

Login Tracking keeps track of POP3 and IMAP logins and limits them to X connections per hour per account per IP address. It uses iptables to block offenders to the appropriate protocol port only and flushes them every hour and starts counting logins again. All of these blocks are temporary and can be cleared manually by restarting CSF.

There are two settings, one of POP3 and one for IMAP logins. It's generally not a good idea to track IMAP logins as many clients login each time to perform a protocol transaction. If you do have a need to have some limit to IMAP logins, it is probably best to set the login limit quite high.

If you want to know when LFD temporarily blocks an IP address you can enable the email tracking alerts option (which is on by default).

To enable successful SSHD login tracking you should ensure that UseDNS in /etc/ssh/sshd_config is disabled by using UseDNS no and that sshd has then been restarted.

Related Files

File Description
/etc/csf/csf.conf LT_* configuration options.
/usr/local/csf/tpl/tracking.txt POP3/IMAP blocking email template.