
too many distributed email notifications

Posted: 19 Mar 2014, 15:02
by jhosting
Hello,

I am trying to find a way to control the sending of distributed attack email notifications only. I can't seem to find a way to do this. The reason is there are so many of these notifications, upwards of a thousand a day, for SMTP and FTP.

Is there a way to manage specific lfd email notifications?

L

Re: too many distributed email notifications

Posted: 22 Mar 2014, 02:20
by curriertech
I was recently looking for a way to do this as well, but I couldn't find a way to do it. I ended up disabling alerts altogether.

Re: too many distributed email notifications

Posted: 22 Mar 2014, 20:51
by lfwej
Just write here an example of the message you get and I will tell you where you can disable the option.

Re: too many distributed email notifications

Posted: 26 Mar 2014, 01:15
by jhosting
Here is an example header of that email notification:

Time: Tue Mar 25 12:05:00 2014 -0400
IP: distributed smtpauth attack on account [xxxx@xxxxxxxxxxx.xxx]
Failures: 10
Interval: 3600 seconds
Blocked: Permanent Block

proceeded with the actual data.

I think the only way to do this is to disable the login failure notifications altogether, as curriertech mentioned. It would be nice to have a finer level of control to manage this. It wasn't an issue until now; the increase in distributed SMTP attacks has become outrageous.

Re: too many distributed email notifications

Posted: 30 Mar 2014, 21:53
by lfwej
Just change this below to 0

LF_PERMBLOCK_ALERT
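
One way to apply the change suggested in the last post, as an added example that is not part of the thread or of csf itself: a function that sets a single option in a file using the `KEY = "VALUE"` layout of csf.conf and keeps a backup for rollback. The function name, its return codes and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: set one option in a csf.conf-style file (KEY = "VALUE").
# Return codes: 0 changed, 1 key not found, 2 already set, 3 bad argument.
set_csf_option() {
    conf=$1; key=$2; value=$3
    # Only plain setting names and simple values, so they are safe inside sed.
    case $key in ''|*[!A-Z0-9_]*) return 3 ;; esac
    case $value in *[!A-Za-z0-9_.,:-]*) return 3 ;; esac
    [ -f "$conf" ] || return 3
    # The option must already exist as an uncommented line; never append.
    grep -Eq "^${key}[[:space:]]*=" "$conf" || return 1
    tmp=$(mktemp) || return 3
    sed "s/^\(${key}[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"${value}\"/" \
        "$conf" > "$tmp"
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"; return 2          # value already as requested
    fi
    cp -p "$conf" "$conf.bak"           # keep the previous file for rollback
    cat "$tmp" > "$conf"                # overwrite in place, keeps mode/owner
    rm -f "$tmp"
    return 0
}

# Demo on a constructed sample file, not a real csf.conf.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'LF_PERMBLOCK = "1"' \
        'LF_PERMBLOCK_ALERT = "1"' > "$d/csf.conf"
    set_csf_option "$d/csf.conf" LF_PERMBLOCK_ALERT 0
    rc=$?
    grep '^LF_PERMBLOCK_ALERT' "$d/csf.conf"
    rm -rf "$d"
    return $rc
}
demo
```

On a real server the file is normally /etc/csf/csf.conf, edited as root, and csf and lfd have to be restarted before the new value is read.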