I think this is a bug with the current version of CSF. I have the latest version installed and still this problem is happening. The LFD doesn't take into account the csf.signore file, and keeps sending alerts even if the sending script is white listed in the signore file.
I understand that the LFD scans the mail log for the sending directory and can't know which script exactly in that directory is sending mails, so it raises alert with all possible mail sending scripts in that directory. However the solution is simple: if all mail sending scripts in that directory are white listed then no alert is warranted, and if at least one mail sending script in that directory is not in the signore white list then an alert should be raised.
When can we expect a fix of this issue to be released?
I've just noticed the same issue. I want to exclude an installation of PHPList from notifications. I've tried adding the following as I'm not sure of the correct syntax.