how to ignore

Post Reply
nobodyfamous
Junior Member
Posts: 13
Joined: 29 Dec 2013, 16:18

how to ignore

Post by nobodyfamous »

I am already ignoring the user via it's ID, but keep getting this email
Subject: ...Suspicious process running under user postgrey

Time: Tue Dec 31 12:24:39 2013 -0400
PID: 14373 (Parent PID:14373)
Account: postgrey
Uptime: 18584 seconds


Executable:

/usr/bin/perl


Command Line (often faked in exploits):

/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=10023


Network connections by the process (if any):

tcp: 127.0.0.1:10023 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/dev/null
/usr/sbin/postgrey
/var/lib/postgrey/postgrey.lock
/var/lib/postgrey/log.0000000001
/var/lib/postgrey/postgrey.db
/var/lib/postgrey/postgrey_clients.db


Memory maps by the process (if any):

DATA REMOVED I DON'T THINK IT IS NESSESARY
This one as well, again I have already added the user ID to the ignor list;
Subject: ...Excessive resource usage: greylist (15119 (Parent PID:15119))

Time: Tue Dec 31 12:24:39 2013 -0400
Account: greylist
Resource: Virtual Memory Size
Exceeded: 263 > 255 (MB)
Executable: /usr/sbin/milter-greylist
Command Line: /usr/sbin/milter-greylist -P /var/run/greylist.pid -u greylist -p /var/spool/postfix/var/run/milter-greylist/milter-greylist.sock
PID: 15119 (Parent PID:15119)
Killed: No
nobodyfamous
Junior Member
Posts: 13
Joined: 29 Dec 2013, 16:18

Re: how to ignore

Post by nobodyfamous »

For anyone else who may find this, I figured it out;

For the "Suspicious process running under user postgrey" I had ignored the postgrey UID under csf.uidignor - That DOES NOT WORK. I had to go under the csf.pignor and enter user:postgrey That took care of the hourly emails.

As for the "Excessive resource usage" I have just upped the memory limit to 275MB

Now I just need to figure out how to ignore my automated Virtualmin backups. . .
Post Reply