Linux Server Firewall - CSF/LFD logging errors from process Postfix/SMTPD

Does anyone know how I can stop LFD from sending Failure emails for trusted processes? Do I need to 'whitelist' certain processes in CSF?
Mine is sending an email every minute or so, resulting in tens of thousands of useless emails (& using server time of course).

THE EMAIL MESSAGE:
Subject: lfd on server.myservername.com: Suspicious process running under user postfix
Body:
Time:    Fri Dec  8 07:56:26 2017 -0800
PID:     23757 (Parent PID:12511)
Account: postfix
Uptime:  104 seconds

Executable:
/usr/libexec/postfix/smtpd

Command Line (often faked in exploits):
smtpd -n 25 -t inet -u -o stress=

Network connections by the process (if any):
tcp: 0.0.0.0:25 -> 0.0.0.0:0

Files open by the process (if any):
/dev/null
/dev/null
/dev/null
/var/spool/postfix/pid/inet.25
anon_inode:[eventpoll]
/etc/aliases.db
/etc/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/blacklists.db
/var/spool/postfix/plesk/blacklists.db

Memory maps by the process (if any):
7f3a55962000-7f3a55971000 r-xp 00000000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55971000-7f3a55b70000 ---p 0000f000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55b70000-7f3a55b71000 r--p 0000e000 103:
etc etc etc
bleggee Asked:

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Use the following command or your Distro's equivalent, to surface naming convention of where your Distro keeps these config files.

dpkg -L $package

To verify you have the correct conf files, camp on where you think they live, with this command or something similar...

inotifywait -mrq /etc | grep csf

Then bounce (stop/restart) your firewall service + if you have the correct directory, you should see all config files scroll by.

Never guess. Always know for sure, before you start config file changes.

Nothing is so annoying as continually editing the config file you think is being used, when the real one is squirreled away somewhere else.

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Likely the LF_ALERT_TO config setting is what you'll require changing.

Well... maybe... each Distro is its own world.
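
An added example, not part of any poster's comment or of csf itself: a shell function that reads saved lfd "Suspicious process" alert bodies like the one in the question and tallies the executables that triggered them as candidate exe: lines for csf's process-tracking ignore file, csf.pignore (assumed here to live in /etc/csf). It keys on the executable path rather than the command line, which the alert itself notes is often faked, and flags deleted executables for review; the sample alerts and function names are constructed for this example.

```shell
#!/bin/sh
# Added example: tally lfd "Suspicious process" alerts by executable so the
# admin can decide which ones belong in csf.pignore.

# Constructed sample: two alerts for Postfix smtpd, one for a deleted binary.
sample_alerts() {
cat <<'EOF'
Time:    Fri Dec  8 07:56:26 2017 -0800
Account: postfix

Executable:
/usr/libexec/postfix/smtpd

Command Line (often faked in exploits):
smtpd -n 25 -t inet -u -o stress=

Time:    Fri Dec  8 07:57:31 2017 -0800
Account: postfix

Executable:
/usr/libexec/postfix/smtpd

Time:    Fri Dec  8 08:02:10 2017 -0800
Account: apache

Executable:
/tmp/upd (deleted)
EOF
}

# stdin: one or more alert bodies. stdout: "<count> <entry> account=<user>".
lfd_pignore_candidates() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF mail bodies
        /^Account:/    { acct = $2; next }
        /^Executable:/ { want = 1; next }
        want && NF {                             # first non-blank line = path
            want = 0
            if ($0 !~ /^\//) next                # not an absolute path: skip
            # A "(deleted)" executable is worth investigating, never ignoring.
            key = ($0 ~ / \(deleted\)$/ ? "REVIEW:" : "exe:") $0
            count[key]++; user[key] = acct
        }
        END { for (k in count) printf "%d %s account=%s\n", count[k], k, user[k] }
    ' | sort -rn
}

sample_alerts | lfd_pignore_candidates
```

Only the exe: lines are candidates; after checking that each path is the distribution's own binary, the entry goes into csf.pignore and lfd is restarted to pick it up.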

bleggee (Author) Commented:
Thx - I'll check that. By the way, I am running CentOS ver 7 if that matters much.

David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
I only run Ubuntu, so if I had to debug CentOS, I'd rely on inotifywait to identify correct config files.

If nothing in /etc shows up, this means you may have to fall back to doing something like...

locate /csf

To find all csf files or lfd.

Also with CentOS you're hobbled by yum + rpm, which have no equivalent of...

dpkg -S $(which executable)
dpkg -L $package

So you'll really be shooting in the dark.

One of the reasons I love Debian/Ubuntu is package management takes seconds to do what yum/rpm require large amounts of time to figure out.

bleggee (Author) Commented:
Yes, I was thinking of switching from the dark side & going with Debian/Ubuntu.  Never did like the idea of RPM & Yum.
:)
Question has a verified solution.
