Hello,
I am trying to find a way to control the sending of distributed attack emails notifications only. I can't seem to find a way to do this. The reason is there are so many of these notifications, upwards of a thousand a day, for smtp and ftp.
Is there a way to manage specific lfd email notifications?
L
too many distributed email notifications
-
curriertech
- Junior Member
- Posts: 21
- Joined: 07 Aug 2007, 20:29
Re: too many distributed email notifications
I was recently looking for a way to do this as well, but I couldn't find a way to do it. I ended up disabling alerts altogether.
Re: too many distributed email notifications
Just wrote me here example of the message you get and i will tell you where you will disable the option
Re: too many distributed email notifications
here is an example header of that email notification:
Time: Tue Mar 25 12:05:00 2014 -0400
IP: distributed smtpauth attack on account [xxxx@xxxxxxxxxxx.xxx]
Failures: 10
Interval: 3600 seconds
Blocked: Permanent Block
proceeded with the actual data.
I think the only way to do this is disable the login failure notifications altogether as curriertech mentioned. It would be nice to have a finer level of control to manage this. Wasn't an issue until now, the increase in distributed SMTP attacks have become outrageous.
Time: Tue Mar 25 12:05:00 2014 -0400
IP: distributed smtpauth attack on account [xxxx@xxxxxxxxxxx.xxx]
Failures: 10
Interval: 3600 seconds
Blocked: Permanent Block
proceeded with the actual data.
I think the only way to do this is disable the login failure notifications altogether as curriertech mentioned. It would be nice to have a finer level of control to manage this. Wasn't an issue until now, the increase in distributed SMTP attacks have become outrageous.
Re: too many distributed email notifications
Just change this below to 0
LF_PERMBLOCK_ALERT
LF_PERMBLOCK_ALERT