How to find out the email address causing firewall block?
I have client got block by my firewall. It only says that my client public IP got block by failed SMTP. I want to find out the email account that causing the block. I'm using WHM/cPanel and I believe by firewall is CSF. I have root and SSH access.
Searching for 220.127.116.11...
Chain num pkts bytes target prot opt in out source destination
DENYIN 134 1012 60159 DROP all -- !lo * 18.104.22.168 0.0.0.0/0
DENYOUT 134 55 23524 DROP all -- * !lo 0.0.0.0/0 22.214.171.124
csf.deny: 126.96.36.199 # lfd: (smtpauth) Failed SMTP AUTH login from 188.8.131.52 (ab/country/184.108.40.206.phone.net): 5 in the last 3600 secs - Wed Jan 29 11:37:49 2014
Unblock 220.127.116.11: Unblock 18.104.22.168?
NOTE the above ISP and some other detail relating to my client had been change.