csf.mignore : possible bug or incorrect config?

Posted: 21 Mar 2013, 11:17
by TechsPW
Hi,

I use CSF v6.02, and am trying to use csf.mignore to ignore mails from a particular user "andrew". I have added the username "andrew" to csf.mignore as mentioned in the config server blog post (unable to post URL).

But, outgoing mails are still being reported from that account. Logs are as below:

==========
2013-03-21 09:00:01 1UIbLt-001Oi0-7M <= andrew@hostname U=andrew P=local S=1146 id=ecf19523d14141fb5e1504092d4d2fbd@XXXXXX T="Activate user account" for moderator@XXXXXX
2013-03-21 09:00:25 1UIbMH-001OnI-SU <= andrew@hostname U=andrew P=local S=1594 id=8ceef0953aedafbb450243d57f3ebf8e@XXXXXX T="Welcome to \"Discussion Zone\"" for subscriber@YYYYY
2013-03-21 09:00:25 1UIbMH-001OnS-Tz <= andrew@hostname U=andrew P=local S=1140 id=9db45f9d0e4c522aff221a1740bd98a9@XXXXXX T="Activate user account" for andy@XXXXXX
==========

These mails are sent out from a phpBB 3.x forum, and the "P=local" received_protocol log shows that it was a local injection. So, I wonder if it is a problem in the mignore check.

The permissions are like below in case it's relevant:

==========
[root@node007 forum]# ll /etc/csf/csf.mignore
-rw------- 1 root root 415 Mar 1 16:14 /etc/csf/csf.mignore
[root@node007 forum]# ps aux | grep lfd
root 220448 0.1 0.1 174808 27020 ? Ss 04:59 0:28 lfd - sleeping
==========

Also posting the relevant section in the code for quick check:

==========

if ($config{RT_RELAY_ALERT} or $config{RT_AUTHRELAY_ALERT} or $config{RT_POPRELAY_ALERT} or $config{RT_LOCALRELAY_ALERT} or $config{RT_LOCALHOSTRELAY_ALERT}) {
        &logfile("Email Relay Tracking...");
        if ($config{RT_LOCALRELAY_ALERT}) {
                if (-e "/etc/csf/csf.mignore") {
                        open (IN, "</etc/csf/csf.mignore") or &cleanup(__LINE__,$!);
                        flock (IN, LOCK_SH);
                        my @mignore = <IN>;
                        close (IN);
                        chomp @mignore;
                        foreach my $line (@mignore) {
                                if ($line =~ /^\#/) {next}
                                if ($line eq "") {next}
                                $rtignore{$line} = 1;
                        }
                }
        }
}
==========

Should I give the username in some other format or is it really a bug?

Thank you for looking into this.

--
Vincent S.
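
The loader posted above stores each non-comment line of csf.mignore verbatim as a hash key after `chomp`, so an entry carrying a trailing space or a carriage return is stored as a different key than the bare username. The following is an added example, not lfd's code and not from the poster: it mirrors that loading logic in Python and compares the keys with the `U=` field of constructed Exim log lines. Matching on `U=` is an assumption, since the part of lfd that consults the list does not appear in the thread.

```python
import re

# Constructed sample inputs (not taken from a real server).
SAMPLE_MIGNORE = (
    "# Add only one username per line\n"
    "\n"
    "andrew \n"   # entry with a trailing space
    "bob\r\n"     # entry saved with a CRLF line ending
    "carol\n"     # clean entry
)
SAMPLE_LOG = [
    '2013-03-21 09:00:01 1UIbLt-001Oi0-7M <= andrew@hostname U=andrew P=local S=1146 T="a" for m@example.test',
    '2013-03-21 09:00:25 1UIbMH-001OnI-SU <= bob@hostname U=bob P=local S=1594 T="b" for s@example.test',
    '2013-03-21 09:00:26 1UIbMI-001OnS-Tz <= carol@hostname U=carol P=local S=1140 T="c" for a@example.test',
    '2013-03-21 09:00:27 1UIbMJ-001OnT-AB <= dave@hostname U=dave P=local S=900 T="d" for b@example.test',
    '2013-03-21 09:01:10 1UIbNa-001Op2-3K <= erin@example.test H=(client) [192.0.2.10] P=esmtpa S=2048 for x@example.test',
]

# Assumption: the local username is taken from U= on P=local arrival lines.
LOCAL_RE = re.compile(r" <= \S+ U=(\S+) P=local ")

def load_mignore(text):
    """Mirror the posted Perl loader: chomp, skip '#' and empty lines, keep the rest verbatim."""
    keys = set()
    for line in text.split("\n"):  # like chomp, only the "\n" is removed
        if line.startswith("#") or line == "":
            continue
        keys.add(line)
    return keys

def local_senders(log_lines):
    """Return the U= value of every P=local arrival line, in order."""
    return [m.group(1) for m in map(LOCAL_RE.search, log_lines) if m]

def diagnose(mignore_text, log_lines):
    """Map each local sender to (ignored?, keys that differ only by surrounding whitespace)."""
    keys = load_mignore(mignore_text)
    report = {}
    for user in sorted(set(local_senders(log_lines))):
        near = sorted(k for k in keys if k != user and k.strip() == user)
        report[user] = (user in keys, near)
    return report

if __name__ == "__main__":
    for user, (ignored, near) in diagnose(SAMPLE_MIGNORE, SAMPLE_LOG).items():
        print(f"{user}: ignored={ignored} near-miss keys={near!r}")
```

On a real host, `cat -A /etc/csf/csf.mignore` shows the same hidden characters (`$` marks the line end, `^M` a carriage return).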

Re: csf.mignore : possible bug or incorrect config?

Posted: 21 Mar 2013, 12:02
by ForumAdmin
I just successfully tested this with the log line:

2013-03-21 09:00:01 1UIbLt-001Oi0-7M <= andrew@homer.webumake.net U=andrew P=local S=1146 id=ecf19523d14141fb5e1504092d4d2fbd@XXXXXX T="Activate user account" for moderator@XXXXXX

and with the following on its own on a line in /etc/csf/csf.mignore:

andrew

The log lines were then ignored for that user.

Re: csf.mignore : possible bug or incorrect config?

Posted: 22 Mar 2013, 05:01
by TechsPW
Can you suggest a troubleshooting approach? I have "andrew" in csf.mignore as given below:

[root@node007 ~]# cat /etc/csf/csf.mignore
###############################################################################
# Copyright 2006-2012, Way to the Web Limited
# URL: http://www.configserver
# Email: sales@waytotheweb
###############################################################################
# The following is a list of usernames and local IP addresses that
# RT_LOCALRELAY_ALERT will ignore
#
# Add only one username per line
andrew
[root@node007 ~]#

Is there a way to enable debugging in LFD? Or probably print and log all passes that come through the number of mails check?

Any help is appreciated.

Thank you.

--
Vincent S.

Re: csf.mignore : possible bug or incorrect config?

Posted: 22 Mar 2013, 09:24
by ForumAdmin
Did you restart lfd after making the change? Other than that, you could try setting DEBUG to "1" in /etc/csf/csf.conf and then restarting lfd and trying again. Other than that, I don't know why it would not be working for you.

Re: csf.mignore : possible bug or incorrect config?

Posted: 22 Mar 2013, 13:00
by TechsPW
I hope the debug log is written to /var/log/lfd.log

Been about 10 mins since I enabled the DEBUG mode and restarted LFD, but nothing is there in the log.

And to answer your question, yes I did restart LFD+CSF multiple times after mignore was updated.

Can you let me know the working logic of mignore file? Does it monitor the exim_mainlog for P=local entries, and then trigger the alert if the number goes above RT_LOCALRELAY_LIMIT?

If you can tell me which all values it is looking for in the log file, I'll try and figure out what's going on and post here.

Thank you.

--
Vincent S.

Re: csf.mignore : possible bug or incorrect config?

Posted: 13 Dec 2013, 18:48
by hermit
TechsPW wrote: Hi,

I use CSF v6.02, and am trying to use csf.mignore to ignore mails from a particular user "andrew". I have added the username "andrew" to csf.mignore as mentioned in the config server blog post (unable to post URL).

Should I give the username in some other format or is it really a bug?

Vincent S.
I wish you could have posted the URL because this is the only reference I can find to what the format should be. Nothing I have tried so far has worked.