Linux Server Firewall - CSF/LFD logging errors from process Postfix/SMTPD

Does anyone know how I can stop LFD from sending Failure emails for trusted processes? Do I need to 'whitelist' certain processes in CSF?
Mine is sending an email every minute or so, resulting in tens of thousands of useless emails (& using server time of course).

THE EMAIL MESSAGE:
Subject:  
lfd on server.myservername.com: Suspicious process running under user postfix
Body:  
Time:    Fri Dec  8 07:56:26 2017 -0800
PID:     23757 (Parent PID:12511)
Account: postfix
Uptime:  104 seconds

Executable:
/usr/libexec/postfix/smtpd

Command Line (often faked in exploits):
smtpd -n 25 -t inet -u -o stress=

Network connections by the process (if any):
tcp: 0.0.0.0:25 -> 0.0.0.0:0

Files open by the process (if any):
/dev/null
/dev/null
/dev/null
/var/spool/postfix/pid/inet.25
anon_inode:[eventpoll]
/etc/aliases.db
/etc/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/aliases.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/virtual.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/vmailbox.db
/var/spool/postfix/plesk/blacklists.db
/var/spool/postfix/plesk/blacklists.db

Memory maps by the process (if any):
7f3a55962000-7f3a55971000 r-xp 00000000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55971000-7f3a55b70000 ---p 0000f000 103:01 11846418                  /usr/lib64/libbz2.so.1.0.6
7f3a55b70000-7f3a55b71000 r--p 0000e000 103:
etc etc etc
bleggee Asked:
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Use the following command or your Distro's equivalent, to surface naming convention of where your Distro keeps these config files.

dpkg -L "$package"

To verify you have the correct conf files, camp on where you think they live, with this command or something similar...

inotifywait -mrq /etc | grep csf

Then bounce (stop/restart) your firewall service + if you have the correct directory, you should see all config files scroll by.

Never guess. Always know for sure, before you start config file changes.

Nothing is so annoying as continually editing the config file you think is being used, when the real one is squirreled away somewhere else.
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
Likely the LF_ALERT_TO config setting is what you'll require changing.

Well... maybe... each Distro is its own world.
bleggee (Author) Commented:
Thx - I'll check that. By the way, I am running CentOS ver 7 if that matters much.
David Favor (Linux/LXD/WordPress/Hosting Savant) Commented:
I only run Ubuntu, so if I had to debug CentOS, I'd rely on inotifywait to identify correct config files.

If nothing in /etc shows up, this means you may have to fall back to doing something like...

locate /csf

To find all csf files or lfd.

Also with CentOS you're hobbled by yum + rpm, which have no equivalent of...

dpkg -S "$(which executable)"
dpkg -L "$package"

So you'll really be shooting in the dark.

One of the reasons I love Debian/Ubuntu is package management takes seconds to do what yum/rpm require large amounts of time to figure out.
bleggee (Author) Commented:
Yes, I was thinking of switching from the dark side & going with Debian/Ubuntu.  Never did like the idea of RPM & Yum.
:)
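
An added example, not part of the thread and not CSF's own code: it parses alert bodies in the layout quoted in the question, counts repeats by account and executable path (not by command line, which the alert itself warns is often faked), and prints candidate ignore entries. The `exe:` entry form for CSF's csf.pignore file is an assumption not taken from this page; the sample alerts and the /tmp/smtpd path are constructed.

```python
import re
from collections import Counter

def make_alert(pid, account, exe, cmd):
    """Build a constructed sample alert in the layout quoted in the question."""
    return (f"Time:    Fri Dec  8 07:56:26 2017 -0800\nPID:     {pid} (Parent PID:12511)\n"
            f"Account: {account}\nUptime:  104 seconds\n\nExecutable:\n{exe}\n\n"
            f"Command Line (often faked in exploits):\n{cmd}\n")

CMD = "smtpd -n 25 -t inet -u -o stress="
SAMPLE = [  # constructed; the third alert reuses the command line with another binary
    make_alert(23757, "postfix", "/usr/libexec/postfix/smtpd", CMD),
    make_alert(23990, "postfix", "/usr/libexec/postfix/smtpd", CMD),
    make_alert(24100, "postfix", "/tmp/smtpd", CMD),
]

def parse_alert(body):
    """Extract pid, account, executable path and command line from one alert body."""
    lines = [ln.strip() for ln in body.splitlines()]
    rec = {}
    for i, ln in enumerate(lines):
        m = re.match(r"(PID|Account):\s+(\S+)", ln)
        if m:
            rec[m.group(1).lower()] = m.group(2)
        elif ln.startswith(("Executable:", "Command Line")):
            key = "exe" if ln.startswith("Executable:") else "cmd"
            rec[key] = next((x for x in lines[i + 1:] if x), "")  # value is the next non-empty line
    return rec

def triage(bodies, trusted):
    """Count alerts whose (account, exe) pair is trusted; return the rest for review."""
    counts, review = Counter(), []
    for rec in map(parse_alert, bodies):
        key = (rec.get("account"), rec.get("exe"))
        if key in trusted:
            counts[key] += 1
        else:
            review.append(rec)
    return counts, review

def pignore_lines(counts):
    """Assumed csf.pignore entry form ('exe:/full/path'); not taken from the page."""
    return sorted({f"exe:{exe}" for _, exe in counts})

if __name__ == "__main__":
    trusted = {("postfix", "/usr/libexec/postfix/smtpd")}  # pairs the admin has verified
    counts, review = triage(SAMPLE, trusted)
    print(dict(counts), pignore_lines(counts), review, sep="\n")
```

Add a pair to `trusted` only after confirming the path belongs to the installed Postfix package; anything left in `review` still needs a look.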