Search found 24 matches

by geekytone
10 Oct 2024, 15:10
Forum: General Discussion (csf)
Topic: Disable "Excessive resource usage" mail when PT_USERKILL=0
Replies: 0
Views: 3704

Disable "Excessive resource usage" mail when PT_USERKILL=0

Hello, due to some requirements, I can't use PT_USERKILL to kill processes over PT_USERTIME / PT_USERMEM; I need to use a custom script in PT_USER_ACTION to perform advanced checks. However, I've seen that since I switched PT_USERKILL to 0, I keep receiving "Excessive resource usage" emails, n...
by geekytone
01 Mar 2024, 08:50
Forum: General Discussion (csf)
Topic: CSF SMTP Auth Blocking Issue for Mailgun
Replies: 4
Views: 4203

Re: CSF SMTP Auth Blocking Issue for Mailgun

Yes, all IPs listed in csf.allow can bypass SMTP_BLOCK. You can just add the following to csf.allow:

Code:

tcp|out|d=587|d=1.2.3.4
tcp|in|s=587|s=1.2.3.4
(Don't forget to replace 1.2.3.4 with your server's IP address, and eventually replace the 587 port with your accurate port number)
by geekytone
23 Feb 2024, 08:19
Forum: General Discussion (csf)
Topic: CSF SMTP Auth Blocking Issue for Mailgun
Replies: 4
Views: 4203

Re: CSF SMTP Auth Blocking Issue for Mailgun

Hello, check the "SMTP_BLOCK" setting, which blocks the outgoing SMTP ports (defined by the SMTP_PORTS setting) for users (then only the local SMTP server like postfix or exim is allowed to connect to external SMTP). If you are using cPanel, check also if external SMTP is correctly allowed on ...
by geekytone
22 Feb 2024, 10:11
Forum: General Discussion (csf)
Topic: How to unblock IP blocked by LFD on a blocklist
Replies: 1
Views: 2310

How to unblock IP blocked by LFD on a blocklist

Hello, I see one IP address blocked on CSF: # csf -g xxx.xxx.xxx.xxx (...) IPSET: Set:bl_CXS_LF_HTACCESS Match:xxx.xxx.xxx.xxx Setting:CXS_LF_HTACCESS file:/etc/csf/csf.blocklists (....) As I see on LFD log, the IP was blocked by LFD for htpasswd fail. However, I'm unable to unblock it from SSH by &...
by geekytone
14 Dec 2023, 16:37
Forum: Suggestions (cxs)
Topic: Ability to exclude signatures on cxs.ignore
Replies: 0
Views: 10715

Ability to exclude signatures on cxs.ignore

Hello,

As the title says, a regex / full-text signature exclusion in cxs.ignore would be very nice.

Sample use case: you are on cPanel, you only have one ClamAV, you want to scan emails with specific commercial signatures to detect spam, but these signatures trigger false positives on files.
by geekytone
27 Nov 2023, 09:30
Forum: General Discussion (csf)
Topic: Unable to whitelist Varnish from LFD Suspicious File Alert
Replies: 0
Views: 12818

Unable to whitelist Varnish from LFD Suspicious File Alert

Hello, Currently, I get a ton of emails like this: lfd on [hostname]: Suspicious File Alert Time: Mon Nov 27 10:17:20 2023 +0100 File: /tmp/xxxxxxxx.o Reason: Linux Binary Owner: varnish:varnish (xxx:xxx) Action: No action taken These files are created by Varnish when it compiles the VCL for reloadi...
by geekytone
07 Sep 2023, 13:45
Forum: General Discussion (csf)
Topic: How to force to reload a blocklist?
Replies: 4
Views: 4185

Re: How to force to reload a blocklist?

Sergio wrote: 06 Sep 2023, 15:00 yes, in CSF are the instructions for this:
Hello,

Thank you for your help, it works.
by geekytone
06 Sep 2023, 10:06
Forum: General Discussion (csf)
Topic: How to force to reload a blocklist?
Replies: 4
Views: 4185

How to force to reload a blocklist?

Good morning, we currently have a custom blocklist and we managed to implement a web UI for requesting an unblock. But as the blocklist can only be reloaded every 3600s, the user has to wait a maximum time of 3600s to get unblocked. Is there a way to trigger a blocklist reload within CSF/LFD from SSH? In...
by geekytone
04 Feb 2022, 15:03
Forum: MailScanner
Topic: Disable MailScanner storing messages using Ansible
Replies: 0
Views: 1862

Disable MailScanner storing messages using Ansible

Good morning,

Is there any API or CLI command to disable MailScanner storing messages? At this time, I know only the way using MSFE > MailControl Performance.
by geekytone
19 May 2021, 13:12
Forum: General Discussion (cxs)
Topic: CXS High CPU Load and Clamd
Replies: 3
Views: 5379

Re: CXS High CPU Load and Clamd

Good morning,

I put limits on systemd to limit ClamAV usage with CXS. For that, I created the file /etc/systemd/system/clamd.service.d/limits.conf with the following content:

Code:

[Service]
IOSchedulingPriority = 7
CPUQuota = 30%