Page 1 of 1

Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Posted: 15 Nov 2020, 12:52
by djblamire
I get a huge amount of e-mail notifications such as the ones below on a daily basis:

Code: Select all

Time:     Sun Nov 15 12:45:01 2020 +0000
IP:       191.239.XXX.XX (BR/Brazil/-)
Failures: 3 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

Nov 15 12:30:49 server sshd[27350]: Invalid user git from 191.239.XXX.XX port 45826
Nov 15 12:30:51 server sshd[27350]: Failed password for invalid user git from 191.239.XXX.XX port 45826 ssh2
Nov 15 12:44:59 server sshd[30313]: Invalid user confluence from 191.239.XXX.XX port 48198
I've already changed the /etc/csf/csf.conf to be:

LF_EMAIL_ALERT = "0"
LF_TEMP_EMAIL_ALERT = "0"
CT_EMAIL_ALERT = "0"

PS_EMAIL_ALERT = "1"
LF_SSH_EMAIL_ALERT = "1" - But it says 'Send an email alert if anyone logs in successfully using SSH

The comment on 'LF_SSH_EMAIL_ALERT' says that this e-mail is sent if someone logs into SSH successfully (which I would want), but the e-mail alerts are coming through when they have failed to login and therefore being blocked.

Any ideas on why I am getting these e-mails despite the settings I have above ?

Thanks in advance

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Posted: 28 Nov 2020, 16:58
by kevinlech
I am also getting the same error as you said, i dont know how to fix that like you :((

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Posted: 11 Jan 2021, 06:46
by mikey_189763
+1 Came here looking for a solution. I'm trying to disable perm block emails, but I keep getting them anyway.

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Posted: 14 Jan 2021, 14:14
by Sergio
If you are using cPanel the work around is very easy:

1. Enter into webmail of the account that you are receiving the emails.
2. Create a Filter.
3. Name the filter as you want.
4. On the first line select SUBJECT CONTAINS and write the subject of that email.
5. ADD a second line (be careful not to select OR) and select BODY CONTAINS and write:
Failures: 3 (sshd)
6. To finish select DELETE and save.

You will never get those emails in your inbox.

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Posted: 05 Mar 2021, 08:30
by warmwhisky
Same here. I've been fighting these notifications for weeks now. They continually come to my inbox.

Suspicious process running - added "/opt/cpanel/ea-php74/root/usr/sbin/php-fpm" to /etc/csf/csf.pignore then restart csf & lfd
Still get notifications

Excessive processes running - added PT_USERMEM = "0" & PT_USERTIME = "0" to /etc/csf/csf.conf then restart csf & lfd
Still get notifications

SSH login alert for user
I get two emails exactly the same every time I login.

I know its good to have notifications about server issues, but this is overkill to the point that googling about these alert settings only finds people trying to disable them.