ConfigServer Community Forum

Posted: **31 Dec 2013, 17:07**

I am already ignoring the user via it's ID, but keep getting this email

Subject: ...Suspicious process running under user postgrey

Time: Tue Dec 31 12:24:39 2013 -0400
PID: 14373 (Parent PID:14373)
Account: postgrey
Uptime: 18584 seconds

Executable:

/usr/bin/perl

Command Line (often faked in exploits):

/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=10023

Network connections by the process (if any):

tcp: 127.0.0.1:10023 -> 0.0.0.0:0

Files open by the process (if any):

/dev/null
/dev/null
/dev/null
/usr/sbin/postgrey
/var/lib/postgrey/postgrey.lock
/var/lib/postgrey/log.0000000001
/var/lib/postgrey/postgrey.db
/var/lib/postgrey/postgrey_clients.db

Memory maps by the process (if any):

DATA REMOVED I DON'T THINK IT IS NESSESARY

This one as well, again I have already added the user ID to the ignor list;

Subject: ...Excessive resource usage: greylist (15119 (Parent PID:15119))

Time: Tue Dec 31 12:24:39 2013 -0400
Account: greylist
Resource: Virtual Memory Size
Exceeded: 263 > 255 (MB)
Executable: /usr/sbin/milter-greylist
Command Line: /usr/sbin/milter-greylist -P /var/run/greylist.pid -u greylist -p /var/spool/postfix/var/run/milter-greylist/milter-greylist.sock
PID: 15119 (Parent PID:15119)
Killed: No

Posted: **03 Jan 2014, 14:29**

For anyone else who may find this, I figured it out;

For the "Suspicious process running under user postgrey" I had ignored the postgrey UID under csf.uidignor - That DOES NOT WORK. I had to go under the csf.pignor and enter user:postgrey That took care of the hourly emails.

As for the "Excessive resource usage" I have just upped the memory limit to 275MB

Now I just need to figure out how to ignore my automated Virtualmin backups. . .

ConfigServer Community Forum

how to ignore

how to ignore

Re: how to ignore