1. Gunakan perintah berikut untuk menghitung kegagalan autentikasi per IP (kolom rip= adalah IP asal koneksi) di /var/log/maillog:
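# awk '/auth failed/ {for (i=1;i<=NF;i=i+1) if ($i~/rip/) print $i}' /var/log/maillog |sort|uniq -c|sort -n| tail

Contoh keluaran (jumlah kegagalan, lalu IP asal):

     12 rip=223.255.228.87,
     13 rip=114.124.141.10,
     14 rip=111.94.212.75,
     15 rip=103.10.67.166,
     15 rip=103.23.202.26,
     15 rip=223.255.228.94,
     18 rip=223.255.228.105,
     18 rip=223.255.228.89,
     25 rip=2406:2400:c0:a708:1014:156e:9dcd:8d7a,
    504 rip=111.68.124.38,

2. Blok di csf, misalnya IP 111.68.124.38 yang gagal 504 kali:

# csf -d <ipaddress>

Catatan: hitungan ini hanya mencakup berkas /var/log/maillog yang sedang aktif, bukan log yang sudah dirotasi. Sebelum memblokir permanen, pastikan IP tersebut bukan milik pengguna sah (misalnya klien email dengan kata sandi lama di balik NAT kantor); jika ragu, gunakan blokir sementara dengan csf -td <ipaddress> <ttl>.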