
Fully disabled alert email from LFD

Posted: 12 Nov 2024, 09:19
by pianunix
Hi,

Does anyone know how to fully disable LFD email alerts from CSF?

We already used the documentation from cPanel and the community, but it still won't work; alert emails are still delivered and many got frozen:

- https://support.cpanel.net/hc/en-us/com ... ifications

- https://webuzo.com/docs/how-tos/how-to- ... ts.&text=4)Search%20for%20%E2%80%9CLF_EMAIL_ALERT%E2%80%9D,Restart%20csf%2Blfd%22%20button.

Here is an example of the email header:

Return-path: <root@XXXXXXX>
Received: from root by XXXXXX with local (Exim 4.98)
(envelope-from <root@XXXXXX>)
id 1tAjEL-00000009Pya-1n98
for root@XXXXXXX;
Tue, 12 Nov 2024 13:14:21 +0800
To: root@XXXXXX.com
Subject: lfd on XXXXXXSERVER: Excessive resource usage: dnaccasi (2244568 (Parent PID:2555458))
From: <root@XXXXXXX>
Message-Id: <E1tAjEL-00000009Pya-1n98@XXXXXXXX>
Date: Tue, 12 Nov 2024 13:14:21 +0800

Time: Tue Nov 12 13:14:21 2024 +0800
Account: dnaccasi
Resource: Virtual Memory Size
Exceeded: 741 > 512 (MB)
Executable: /opt/cpanel/ea-php81/root/usr/sbin/php-fpm
Command Line: php-fpm: pool dnacc_asia
PID: 2244568 (Parent PID:2555458)

Re: Fully disabled alert email from LFD

Posted: 20 Nov 2024, 02:03
by Sergio
Have you tried to add the following line into CSF.PIGNORE?
exe: /opt/cpanel/ea-php81/root/usr/sbin/php-fpm

Sergio

Re: Fully disabled alert email from LFD

Posted: 23 Nov 2024, 10:00
by nikketrikke
Time: Sat Nov 23 10:55:52 2024 +0100
Account: psaadm
Process Count: 17 (Not killed)

Process Information:

User:psaadm PID:469 PPID:469 Run Time:690038(secs) Memory:2127688(kb) RSS:20016(kb) exe:/usr/lib/plesk-task-manager cmd:/usr/lib/plesk-task-manager --config /opt/psa/admin/conf/task-manager.yml --data /var/lib/plesk/task-manager
User:psaadm PID:909 PPID:909 Run Time:690033(secs) Memory:125260(kb) RSS:51328(kb) exe:/usr/bin/sw-engine cmd:/usr/bin/sw-engine -c /opt/psa/admin/conf/php.ini /opt/psa/admin/plib/WebSocket/bin/ws-server.php
User:psaadm PID:653685 PPID:74760 Run Time:6623(secs) Memory:249816(kb) RSS:102104(kb) exe:/usr/sbin/sw-engine-fpm cmd:sw-engine-fpm: pool plesk
User:psaadm PID:653944 PPID:74760 Run Time:6614(secs) Memory:259852(kb) RSS:100288(kb) exe:/usr/sbin/sw-engine-fpm cmd:sw-engine-fpm: pool plesk
User:psaadm PID:1151588 PPID:74760 Run Time:453(secs) Memory:254808(kb) RSS:75952(kb) exe:/usr/sbin/sw-engine-fpm cmd:sw-engine-fpm: pool plesk
User:psaadm PID:1152677 PPID:74760 Run Time:448(secs) Memory:244412(kb) RSS:72204(kb) exe:/usr/sbin/sw-engine-fpm cmd:sw-engine-fpm: pool plesk
User:psaadm PID:1152681 PPID:74760 Run Time:448(secs) Memory:244436(kb) RSS:72388(kb) exe:/usr/sbin/sw-engine-fpm cmd:sw-engine-fpm: pool plesk
User:psaadm PID:1153331 PPID:74760 Run Time:443(secs) Memory:244424(kb) RSS:72532(kb) exe:/usr/sbin/sw-engine-fpm cmd:sw-engine-fpm: pool plesk
User:psaadm PID:1169782 PPID:1169768 Run Time:345(secs) Memory:2892(kb) RSS:976(kb) exe:/usr/bin/dash cmd:/bin/sh -c /opt/psa/admin/bin/php -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/plesk-mobile/scripts/push_worker.php'
User:psaadm PID:1169801 PPID:1169782 Run Time:345(secs) Memory:117596(kb) RSS:50388(kb) exe:/usr/bin/sw-engine cmd:/usr/bin/sw-engine -c /opt/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /opt/psa/admin/plib/modules/plesk-mobile/scripts/push_worker.php
User:psaadm PID:1229388 PPID:1151588 Run Time:4(secs) Memory:2896(kb) RSS:988(kb) exe:/usr/bin/dash cmd:sh -c '/opt/psa/admin/bin/modules/repair-kit/list.sh'
User:psaadm PID:1230783 PPID:653944 Run Time:0(secs) Memory:2896(kb) RSS:944(kb) exe:/usr/bin/dash cmd:sh -c '/opt/psa/admin/bin/modules/imunify360/define-app-mode.sh'
User:psaadm PID:3582912 PPID:3582907 Run Time:56927(secs) Memory:123732(kb) RSS:51984(kb) exe:/usr/bin/sw-engine cmd:/usr/bin/sw-engine -c /opt/psa/admin/conf/php.ini /usr/local/psa/bin/extension --exec revisium-antivirus ra_executor.php
User:psaadm PID:3582914 PPID:3582912 Run Time:56926(secs) Memory:2892(kb) RSS:936(kb) exe:/usr/bin/dash cmd:sh -c '/opt/psa/admin/bin/php' -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php' 2>&1
User:psaadm PID:3582915 PPID:3582914 Run Time:56926(secs) Memory:119280(kb) RSS:48608(kb) exe:/usr/bin/sw-engine cmd:/usr/bin/sw-engine -c /opt/psa/admin/conf/php.ini -dauto_prepend_file=sdk.php /opt/psa/admin/plib/modules/revisium-antivirus/scripts/ra_executor.php
User:psaadm PID:3617216 PPID:74760 Run Time:44187(secs) Memory:250380(kb) RSS:112188(kb) exe:/usr/sbin/sw-engine-fpm cmd:sw-engine-fpm: pool plesk
User:psaadm PID:3658882 PPID:74760 Run Time:41477(secs) Memory:249920(kb) RSS:103572(kb) exe:/usr/sbin/sw-engine-fpm cmd:sw-engine-fpm: pool plesk



This is another email. I tried to put in pignore the exe and cmd extracted from this email,
but nothing works; I always receive log emails from lfd.

Re: Fully disabled alert email from LFD

Posted: 24 Nov 2024, 09:18
by nikketrikke
Hello, I also have the same problem.
I've tried many solutions: PT_user =0, disabling email alerts in csf.conf,
putting some processes in csf.pignore, all the solutions found on the web, but nothing works; there are always tons of emails with alerts from lfd.
I have Plesk and Linux, so not a GUI but all commands via SSH.
This is an example of an email received:

Time: Sat Nov 23 10:46:12 2024 +0100
Account: dovecot
Resource: Process Time
Exceeded: 689336 > 1800 (seconds)
Executable: /usr/lib/dovecot/anvil
Command Line: dovecot/anvil
PID: 4970 (Parent PID:4946)
Killed: No

I put in pignore
exe: /usr/lib/dovecot/anvil
also
cmd: dovecot/anvil
but it continues to send emails regarding this issue.
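
Added example (not part of any post in this thread, and not code from the CSF project): a shell helper that reads the body of an lfd process-tracking alert like the ones quoted above and reports which csf.conf option raised it, plus ignore lines in the form shown in the csf.pignore header comments. The function names are hypothetical; PT_USERMEM, PT_USERTIME and PT_USERPROC are the csf.conf options, and the defaults of the first two (512 MB, 1800 seconds) match the thresholds in the quoted alerts.

```shell
#!/bin/sh
# Map an lfd process-tracking alert body to the csf.conf option behind it
# and to candidate csf.pignore lines (added example, names are hypothetical).

# Constructed sample: the fields of the dovecot alert quoted in the thread.
SAMPLE_ALERT='Time: Sat Nov 23 10:46:12 2024 +0100
Account: dovecot
Resource: Process Time
Exceeded: 689336 > 1800 (seconds)
Executable: /usr/lib/dovecot/anvil
Command Line: dovecot/anvil
PID: 4970 (Parent PID:4946)
Killed: No'

# field NAME: print the value of the first "NAME: value" line on stdin.
field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# explain_alert BODY: print "option=<csf.conf option>" then pignore candidates.
explain_alert() {
    alert=$1
    resource=$(printf '%s\n' "$alert" | field 'Resource')
    account=$(printf '%s\n' "$alert" | field 'Account')
    exe=$(printf '%s\n' "$alert" | field 'Executable')
    cmd=$(printf '%s\n' "$alert" | field 'Command Line')
    # Process-count alerts carry no "Resource:" line, only "Process Count:".
    if [ -z "$resource" ] && printf '%s\n' "$alert" | grep -q '^Process Count:'; then
        resource='Process Count'
    fi
    case $resource in
        'Virtual Memory Size') opt=PT_USERMEM ;;
        'Process Time')        opt=PT_USERTIME ;;
        'Process Count')       opt=PT_USERPROC ;;
        *)                     opt=UNKNOWN ;;
    esac
    echo "option=$opt"
    # Narrowest match first; "user:" ignores every process of that account.
    [ -n "$exe" ] && echo "exe:$exe"
    [ -n "$cmd" ] && echo "cmd:$cmd"
    [ -n "$account" ] && echo "user:$account"
    return 0
}

explain_alert "$SAMPLE_ALERT"
```

The comments in csf.conf describe each of these three options as disabled when set to 0, and `csf -ra` restarts csf and lfd so the changed files are re-read.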

Re: Fully disabled alert email from LFD

Posted: 24 Nov 2024, 16:50
by Sergio
As the email is purely informative, it means that you don't have to do anything more than check why dovecot is reporting this.

So, you don't need to add any rule into pignore as it is being ignored by the OS.
Checking on the anvil process:
is responsible for tracking authentication penalties for different IP addresses. This helps to slow down brute force login attempts.

The above means that maybe you have an account that is checking emails very often.

If you don't want to receive those emails and you don't have a way to prevent them from being delivered, delete the emails before they enter your mailbox by creating an email rule to delete such emails.

Re: Fully disabled alert email from LFD

Posted: 25 Nov 2024, 09:03
by nikketrikke
Sergio wrote: 24 Nov 2024, 16:50
As the email is purely informative, it means that you don't have to do anything more than check why dovecot is reporting this.

So, you don't need to add any rule into pignore as it is being ignored by the OS.
Checking on the anvil process:
is responsible for tracking authentication penalties for different IP addresses. This helps to slow down brute force login attempts.

The above means that maybe you have an account that is checking emails very often.

If you don't want to receive those emails and you don't have a way to prevent them from being delivered, delete the emails before they enter your mailbox by creating an email rule to delete such emails.

Thanks for the suggestion... I also have a mobile where I cannot create a rule to remove them, so I'm overloaded with 100 emails an hour... however I will try.
The strange thing is, why do all the suggestions to stop email from lfd not work?

Re: Fully disabled alert email from LFD

Posted: 25 Nov 2024, 16:04
by Sergio
You don't need to do this at any device level, you can do it at cPanel level.

Just enter cPanel, go to "Email Filters" and create the rule to delete those emails.

Sergio

Re: Fully disabled alert email from LFD

Posted: 26 Nov 2024, 11:34
by nikketrikke
Sergio wrote: 25 Nov 2024, 16:04
You don't need to do this at any device level, you can do it at cPanel level.

Just enter cPanel, go to "Email Filters" and create the rule to delete those emails.

Sergio

I have Plesk, not cPanel, and I do not find this option.