Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post Reply
djblamire
Junior Member
Posts: 40
Joined: 06 Jan 2007, 16:46

Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by djblamire »

I get a huge amount of e-mail notifications such as the ones below on a daily basis:

Code: Select all

Time:     Sun Nov 15 12:45:01 2020 +0000
IP:       191.239.XXX.XX (BR/Brazil/-)
Failures: 3 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

Nov 15 12:30:49 server sshd[27350]: Invalid user git from 191.239.XXX.XX port 45826
Nov 15 12:30:51 server sshd[27350]: Failed password for invalid user git from 191.239.XXX.XX port 45826 ssh2
Nov 15 12:44:59 server sshd[30313]: Invalid user confluence from 191.239.XXX.XX port 48198
I've already changed the /etc/csf/csf.conf to be:

LF_EMAIL_ALERT = "0"
LF_TEMP_EMAIL_ALERT = "0"
CT_EMAIL_ALERT = "0"

PS_EMAIL_ALERT = "1"
LF_SSH_EMAIL_ALERT = "1" - But it says 'Send an email alert if anyone logs in successfully using SSH

The comment on 'LF_SSH_EMAIL_ALERT' says that this e-mail is sent if someone logs into SSH successfully (which I would want), but the e-mail alerts are coming through when they have failed to login and therefore being blocked.

Any ideas on why I am getting these e-mails despite the settings I have above ?

Thanks in advance
kevinlech
Junior Member
Posts: 1
Joined: 28 Nov 2020, 16:56

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by kevinlech »

I am also getting the same error as you said, i dont know how to fix that like you :((
mikey_189763
Junior Member
Posts: 7
Joined: 16 Jul 2017, 20:26

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by mikey_189763 »

+1 Came here looking for a solution. I'm trying to disable perm block emails, but I keep getting them anyway.
Sergio
Junior Member
Posts: 1435
Joined: 12 Dec 2006, 14:56

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by Sergio »

If you are using cPanel the work around is very easy:

1. Enter into webmail of the account that you are receiving the emails.
2. Create a Filter.
3. Name the filter as you want.
4. On the first line select SUBJECT CONTAINS and write the subject of that email.
5. ADD a second line (be careful not to select OR) and select BODY CONTAINS and write:
Failures: 3 (sshd)
6. To finish select DELETE and save.

You will never get those emails in your inbox.
Post Reply