Page 1 of 1
How to Disable Temporary SSHD login alert mail
Posted: 30 Aug 2020, 09:43
by btekcan
Hello,
How can I disable Temporary Block alert for LF_SSHD ? I need only mail succesfully login mail.
Regards
Re: Disable Temporary SSHD login alert mail
Posted: 02 Sep 2020, 19:20
by ksihota
Do you mean this?
# Send an email alert if anyone logs in successfully using SSH
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SSH_EMAIL_ALERT = "1"
Re: Disable Temporary SSHD login alert mail
Posted: 06 Sep 2020, 06:43
by btekcan
No.. I need only stop temporary nail alerts like that
Time: Sun Sep 6 08:37:35 2020 +0300
IP: 189.163.20.135 (MX/Mexico/dsl-189-163-20-135-dyn.prod-infinitum.com.mx)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Temporary Block for 86400 seconds [LF_SSHD]
I received 400-500 mail every day. I need continue the block function but stop this mail. And only see PERMANENT block mail
Regards
Re: How to Disable Temporary SSHD login alert mail
Posted: 06 Sep 2020, 19:09
by ksihota
You can use this and set it to not send emails but you won't get any blocked alerts
# Send an email alert if an IP address is blocked by one of the [*] triggers
LF_EMAIL_ALERT = "1"
You could also create a special email account just to receive the LFD alerts and redirect the emails there. You can probably set up some rules to filter the emails coming in so you can differentiate what is what. Or just filter those and send them to trash.
I don't think I get any on mine but my settings are:
LF_SSHD = "5"
LF_SSHD_PERM = "1"