Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post Reply
HappymanUK
Junior Member
Posts: 44
Joined: 06 Jan 2007, 16:46

Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by HappymanUK »

I get a huge amount of e-mail notifications such as the ones below on a daily basis:

Code: Select all

Time:     Sun Nov 15 12:45:01 2020 +0000
IP:       191.239.XXX.XX (BR/Brazil/-)
Failures: 3 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SSHD]

Log entries:

Nov 15 12:30:49 server sshd[27350]: Invalid user git from 191.239.XXX.XX port 45826
Nov 15 12:30:51 server sshd[27350]: Failed password for invalid user git from 191.239.XXX.XX port 45826 ssh2
Nov 15 12:44:59 server sshd[30313]: Invalid user confluence from 191.239.XXX.XX port 48198
I've already changed the /etc/csf/csf.conf to be:

LF_EMAIL_ALERT = "0"
LF_TEMP_EMAIL_ALERT = "0"
CT_EMAIL_ALERT = "0"

PS_EMAIL_ALERT = "1"
LF_SSH_EMAIL_ALERT = "1" - But it says 'Send an email alert if anyone logs in successfully using SSH

The comment on 'LF_SSH_EMAIL_ALERT' says that this e-mail is sent if someone logs into SSH successfully (which I would want), but the e-mail alerts are coming through when they have failed to login and therefore being blocked.

Any ideas on why I am getting these e-mails despite the settings I have above ?

Thanks in advance
kevinlech
Junior Member
Posts: 1
Joined: 28 Nov 2020, 16:56

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by kevinlech »

I am also getting the same error as you said, i dont know how to fix that like you :((
mikey_189763
Junior Member
Posts: 8
Joined: 16 Jul 2017, 20:26

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by mikey_189763 »

+1 Came here looking for a solution. I'm trying to disable perm block emails, but I keep getting them anyway.
Sergio
Junior Member
Posts: 1685
Joined: 12 Dec 2006, 14:56

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by Sergio »

If you are using cPanel the work around is very easy:

1. Enter into webmail of the account that you are receiving the emails.
2. Create a Filter.
3. Name the filter as you want.
4. On the first line select SUBJECT CONTAINS and write the subject of that email.
5. ADD a second line (be careful not to select OR) and select BODY CONTAINS and write:
Failures: 3 (sshd)
6. To finish select DELETE and save.

You will never get those emails in your inbox.
warmwhisky
Junior Member
Posts: 3
Joined: 20 Apr 2016, 11:20

Re: Receiving E-Mail Notifications - Even when EMAIL_ALERT disabled ??

Post by warmwhisky »

Same here. I've been fighting these notifications for weeks now. They continually come to my inbox.

Suspicious process running - added "/opt/cpanel/ea-php74/root/usr/sbin/php-fpm" to /etc/csf/csf.pignore then restart csf & lfd
Still get notifications

Excessive processes running - added PT_USERMEM = "0" & PT_USERTIME = "0" to /etc/csf/csf.conf then restart csf & lfd
Still get notifications

SSH login alert for user
I get two emails exactly the same every time I login.

I know its good to have notifications about server issues, but this is overkill to the point that googling about these alert settings only finds people trying to disable them.
Post Reply