Search Our Database
How to check which email account cause IP address getting blocked using SSH (Directadmin)
How to check which email account cause IP address getting blocked using SSH (Directadmin)
If you ever encounter unable to access webmail or website, chances are your IP address was getting blocked by the firewall of the server. In this knowledge based, we will show you steps to check which user was causing the blockage of the IP address for Directadmin.
- Login into the server via SSH (make sure to have a root access)
- To determine if the IP address is blocked/blacklisted, input the command:
iptables -nvL | grep <IP address>
or
csf -g <IP address>
- Examples:
******iptables results if IP was blocked*****
******csf results if IP was blocked*****
- Next, to check who is causing the IP address to be blocked, type in:
grep -i "auth failed" /var/log/maillog | grep Disconnected | grep "@" | awk '{print $15,$17}' | uniq -c | sort -h
- This will output the email and IP address that has multiple failed login which potentially blacklisted in the server firewall. Your next course of action should be to instruct the user to enter the password correctly to avoid this issue occurring again.