ConfigServer Community Forum

Since last night, I am getting loads of lfd alerts

Time: Sun Dec 22 08:01:31 2013 +0000
Account: dovecot
Resource: Process Time
Exceeded: 34326 > 2400 (seconds)
Executable: /usr/libexec/dovecot/dict
Command Line: dovecot/dict
PID: 24272 (Parent PID:7206)
Killed: No

is this another one we have to add to csf pignore where cpanel have buggered up dovecote again with their incessant fiddling or have I got a problem on my server and it is warning on genuine attacks. It seems to have started at about 11pm GMT last night and I have had an hourly warning ever since
EXE:/usr/libexec/dovecot/dict

Looks like it's a valid Dovecot process, so ignore it unless it seems to be looping/causing a performance issue:
http://wiki2.dovecot.org/Services#dict

The cPanel support response is here FYI:
http://forums.cpanel.net/f5/dovecot-iss ... ost1501081

Vince, that Cpanel entry is a different issue
everybody knows about the lfd problems with auth and anvil and the default csf/lfd pignore contains those entries, but this is a new one that just started after the latest cpanel update, so they appear to have buggered things up again

I see, sorry, didn't realise your issue was dovecote/dict instead of /anvil, I should read more carefully.
But in case it helps, my /anvil problem is only on one VPS which has WHM 1.4.0 and csf v6.38, but this problem doesn't happen on another VPS with WHM 1.4.1 and csf v6.37
Not sure if you are able to downgrade to csf v6.37 easily to test ?