OSSEC is installed on my VPS and I'm getting regular email level 2 alerts with eg the following content:
Received From: server->/var/log/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 12 10:07:45 server authdaemond: Failed to getpwnam for user marketing
They must be phishing attempts, and after x-number the ip is blocked by lfd. How can I suppress these particular alert emails?