Major system emails generated

Post Reply
GaryDev
Junior Member
Posts: 1
Joined: 29 Nov 2014, 13:44

Major system emails generated

Post by GaryDev »

First of all, I'd like to say I am most impressed with the work done on CSF, it's leaps and bounds ahead of manually editing iptables at the command prompt. Especially for someone who isn't very strong in linux. With that said..

We have a new server build of Ubuntu 10 LTS, which originally came with a DirectAdmin control panel. DA had huge issues in getting along with Webmin, so the ISP rebuilt the server and did not install DA.

We put in Webmin and Virtualmin, and then installed CSF. Other than taking the system out of testing mode, and white listing my ip address, and changing one setting for log file reporting, nothing much else has been done.

But there is something majorly wrong. Within seconds of booting the server, our email system is generating WAY too much stuff about issues with CSF and LFD. At present, its been up for about 2 minutes and I have over 50 emails generated, most of them about excessive resource usage in multiple modules (clamav, www-data etc ), suspicious processes running under multiple modules (mysql, dovecot, www-data etc) ... oh, and 1 blocked IP from China (yeah!)

Since we are still setting up and configuring the server, I shut it down before bed. Yesterday it was up for about 6 hours, and there were in excess of 400 emails of these same sorts of things.

Whats going on? Some advice would be great. We certainly cant run the server under these conditions...
w9jun
Junior Member
Posts: 3
Joined: 10 Jan 2015, 17:43
Location: Madison, IN

Re: Major system emails generated

Post by w9jun »

Did you ever figure out how to minimize emails?
verdonv
Junior Member
Posts: 20
Joined: 18 Nov 2014, 18:54

Re: Major system emails generated

Post by verdonv »

Same for me on a brand new CentOS 6.5 server. I've installed CSF on several servers in the past, and have never seen anything like this 600 emails overnight, reporting apache, postfix, and more... all seemingly legitimate. I've never had to specifically ignore any processes before.
verdonv
Junior Member
Posts: 20
Joined: 18 Nov 2014, 18:54

Re: Major system emails generated

Post by verdonv »

Is it possible that the pignore file is being ignored? Most of these notices are for processes that are in the default file. There's nothing odd about the server (I am aware of) and nothing odd about my csf config.
verdonv
Junior Member
Posts: 20
Joined: 18 Nov 2014, 18:54

Re: Major system emails generated

Post by verdonv »

Apologies.... at least in my case, some things were just in different locations on this server (not sure why, I didn't build it) and there were some services that I don't normally see on a server, because I don't normally have gnome running. When I looked closer at the emails, and did some finessing of the pignore file, I was able to resolve these issues.
jcats
Junior Member
Posts: 29
Joined: 03 Jan 2015, 14:36

Re: Major system emails generated

Post by jcats »

For anyone else having issues, its rather easy to resolve, you just have to read the actual emails to find out which rule in CSF is being triggered, even though you may have 500 emails sitting there, more than likely half of them are for the same exact thing. If the process that its complaining about is already ignored in csf.pignore, like 'mysqld' just do:

# grep -i mysql /etc/csf/csf.pignore
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe

Make sure that path matches where mysql is located on your server, you can use a command like whereis

# whereis mysqld
mysqld: /usr/sbin/mysqld /usr/share/man/man8/mysqld.8.gz

In my case, its already set to the location but if for some reason your server comes up with

/usr/bin/mysqld

then just update the current location in /etc/csf/csf.pignore

and restart csf

# csf -r

Hope that helps
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: Major system emails generated

Post by ForumAdmin »

You need to restart lfd after making changes to /etc/csf/csf.pignore:

Code: Select all

service lfd restart
Post Reply