The CSF (ConfigServer) firewall is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.
The CSF comes with the LFD (Login Failure Daemon), which would detect any malicious login attempts to the server made through any of these -
* courier imap and pop3
* non-ssl cpanel / whm / webmail
* password protected web pages (htpasswd)
* mod_security failures
This is an additional feature to the packet filtering. With this Firewall installed, the need for manual intervention reduces. In case, of Brute Force attempts, multiple failed login attempts, high server load, etc. the LFD will send notification emails. These email notifications are being generated to keep you informed about system health and possible signs of brute force, (d)DoS attack or unauthorized processes running. While most of the actions will be done automatically by CSF/LFD, it still would be a good idea to check these emails for cases where, say, unauthorized logins are happening or things like unauthorized processes running on the system.