Search found 5 matches
- 25 Jul 2023, 20:44
- Forum: Report Bugs (csf)
- Topic: Issue with Perl 5.38 and fix
- Replies: 4
- Views: 9290
Re: Issue with Perl 5.38 and fix
Thank you for this fix, Vark. I can very much confirm it appears to work fine within my Debian 12 instances. -- To make keeping this patch in place more convenient, make a plain text file called "lfd-debian12.patch" as follows: --- /usr/sbin/lfd 2023-04-18 10:02:42.000000000 +0000 +++ /usr...
- 25 Oct 2019, 18:42
- Forum: Suggestions (csf)
- Topic: Abuse report should contain destination (attacked) IP address
- Replies: 2
- Views: 7309
Re: Abuse report should contain destination (attacked) IP address
The abuse report wouldn't need to contain usernames, e.g. for mailboxes, because abuse reports are intended to be relayed to the ISP of the offending IP address rather than your own information as a system administrator. LFD will already give you a separate email containing a snippet of logs of whic...
- 29 Jul 2019, 17:39
- Forum: Suggestions (csf)
- Topic: Abuse report should contain destination (attacked) IP address
- Replies: 2
- Views: 7309
Abuse report should contain destination (attacked) IP address
Hello, I'd like to request that the automated abuse reports produced contain the destination (attacked) IP address in their opening line. The reason for this is that CSF only takes the hostname as written in "/etc/hostname", which is not an FQDN on many Linux distributions. There is plenty...
- 25 Nov 2017, 23:08
- Forum: Suggestions (csf)
- Topic: Block trigger for too many "AUTH command used when not advertised" on Exim
- Replies: 2
- Views: 5555
Re: Block trigger for too many "AUTH command used when not advertised" on Exim
Hello, I do already have both LF_SMTPAUTH and LF_EXIMSYNTAX set to 5, so this should be quite aggressive? Too many "Incorrect authentication data" does correctly get blocked, it's just the "AUTH command used when not advertised" doesn't seem to ever get blocked. I guess what is h...
- 09 Nov 2017, 18:04
- Forum: Suggestions (csf)
- Topic: Block trigger for too many "AUTH command used when not advertised" on Exim
- Replies: 2
- Views: 5555
Block trigger for too many "AUTH command used when not advertised" on Exim
Hello there, Nearly all of my servers that run Exim are constantly being attacked by remote nodes trying to brute through an AUTH command before advertised. Every day I get a big list of AUTH command used when not advertised in logwatch. On a daily basis I'm blacklisting these remote nodes, because ...