LF_DISTSMTP log entries for ignored IPs

pbilodeau
Junior Member
Posts: 1
Joined: 29 Oct 2012, 20:09

LF_DISTSMTP log entries for ignored IPs

Post by pbilodeau »

Hello all,

In order to block distributed SMTP attacks using hacked passwords, I have set the following parameters:

LF_INTERVAL = 600
LF_DISTATTACK = 1
LF_DISTSMTP = 3
LF_DISTSMTP_UNIQ = 3
LF_DISTSMTP_PERM = 1

I also have some IPs listed in csf.allow and lfd.ignore. It seems that every time someone sends ONE email from any of the ignored IPs, an entry is added to the lfd.log file (below).

Oct 29 15:56:05 server1 lfd[13442]: Distributed SMTP 207.x.y.226 - ignored
Oct 29 15:56:35 server1 lfd[13442]: Distributed SMTP 162.x.y.66 - ignored
Oct 29 15:56:35 server1 lfd[13442]: Distributed SMTP 162.x.y.66 - ignored
Oct 29 15:57:40 server1 lfd[13442]: Distributed SMTP 162.x.y.66 - ignored
Oct 29 15:57:40 server1 lfd[13442]: Distributed SMTP 70.x.y.161 - ignored
Oct 29 16:00:20 server1 lfd[13442]: Distributed SMTP 162.x.y.66 - ignored
Oct 29 16:01:20 server1 lfd[13442]: Distributed SMTP 208.x.y.162 - ignored
Oct 29 16:03:00 server1 lfd[13442]: Distributed SMTP 208.x.y.162 - ignored
Oct 29 16:04:05 server1 lfd[13442]: Distributed SMTP 208.x.y.162 - ignored
Oct 29 16:04:56 server1 lfd[13442]: Distributed SMTP 207.x.y.226 - ignored
Oct 29 16:05:51 server1 lfd[13442]: Distributed SMTP 162.x.y.66 - ignored
Oct 29 16:07:38 server1 lfd[13442]: Distributed SMTP 208.x.y.162 - ignored
Oct 29 16:08:08 server1 lfd[13442]: Distributed SMTP 162.x.y.66 - ignored

This is not a huge problem, but annoying because the lfd.log gets filled with entries I don't care about. Can the DIST ATTACK engine NOT log these ignored IPs?

Thanks!
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: LF_DISTSMTP log entries for ignored IPs

Post by ForumAdmin »

This has now been introduced in csf v5.68:
http://blog.configserver.com/index.php?itemid=683
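
For servers still on a release older than the one named above, a read-side filter can keep these entries out of view while reviewing lfd.log. This is an added example, not part of the original thread or of csf; it assumes only the entry format quoted in the first post, and the sample lines (documentation-range IPs, placeholder message) are constructed.

```python
import re
import sys

# Entry format as quoted in the first post, e.g.
# "Oct 29 15:56:05 server1 lfd[13442]: Distributed SMTP 207.x.y.226 - ignored"
IGNORED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ lfd\[\d+\]: "
    r"Distributed SMTP (?P<ip>\S+) - ignored\s*$"
)

# Constructed sample input (not real lfd output); the fourth line stands in
# for any other lfd message, and the last one uses a space-padded day.
SAMPLE = """\
Oct 29 15:56:05 server1 lfd[13442]: Distributed SMTP 192.0.2.10 - ignored
Oct 29 15:56:35 server1 lfd[13442]: Distributed SMTP 198.51.100.7 - ignored
Oct 29 15:57:40 server1 lfd[13442]: Distributed SMTP 192.0.2.10 - ignored
Oct 29 15:58:00 server1 lfd[13442]: constructed placeholder for another lfd message
Nov  2 04:00:00 server1 lfd[13442]: Distributed SMTP 192.0.2.10 - ignored
"""


def split_lfd_log(lines):
    """Separate 'Distributed SMTP ... - ignored' entries from everything else.

    Returns (kept, summary): kept is the list of lines that are not ignored
    entries; summary maps each ignored IP to its count and first/last timestamp.
    """
    kept, summary = [], {}
    for line in lines:
        m = IGNORED_RE.match(line)
        if m is None:
            kept.append(line)
            continue
        entry = summary.setdefault(
            m["ip"], {"count": 0, "first": m["ts"], "last": m["ts"]}
        )
        entry["count"] += 1
        entry["last"] = m["ts"]
    return kept, summary


if __name__ == "__main__":
    # Read the log path given on the command line, or fall back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    kept, summary = split_lfd_log(text.splitlines())
    print("\n".join(kept))
    for ip, e in sorted(summary.items()):
        print(f"# ignored {ip}: {e['count']} entries, {e['first']} to {e['last']}",
              file=sys.stderr)
```

The remaining log lines go to standard output and the per-IP tally of suppressed entries goes to standard error, so the filtered log can be piped onward without losing sight of how much was hidden.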