Better way to handle LFD Email Alerts
Posted: 13 May 2015, 15:03
Starting yesterday, all of our cPanel servers are getting hit with a massive number of SMTP Authentication failures, from distributed IP addresses. Yesterday alone, we saw over 8000 different unique IPs involved in these distributed attacks.
The flood of LFD emails caused us some email issues. I tried to disable SMTP AUTH failure emails, or at least route them to a different email address, but it seems that there is no option. At this point, we had to set LF_EMAIL_ALERT = 0
The problem with disabling LFD emails this way is that, in addition to disabling the SMTP AUTH failure email alerts, now we ALSO have to disable SSH, FTP, POP3, IMAP, HTACCESS, and MOD SEC (and others). We really do not want to do this.... especially SSH and Mod Sec alerts.
It seems in other parts of the CSF config, there is a way to enable/disable alerts, or change the email address, for individual alerts, but in the LFD config, it seems that they are all grouped together.
Thus my suggestion: That each of these services have their own config, so we can choose to enable or disable ALERTS on a per-service basis. A bonus would be to allow us to route alerts for each service to a different email address.
Thanks for listening. And THANKS for a great product and such a great service to the hosting community!
- Scott