Hello,
We have 127.0.0.1 in the ignore list and yet we are getting flooded with alert emails. We are running ASSP Deluxe which generates a lot of mail flow using that IP.
Could there be something that's keeping the ignore list from loading? Any guidance would be greatly appreciated.
Mark
Here's a sample:
Time: Wed Jun 10 14:21:18 2015 -0500
Type: LOCALHOSTRELAY, localhost - 127.0.0.1
Count: 101 emails relayed
Blocked: No
Sample of the first 10 emails:
2015-06-10 14:08:47 1Z2lMl-0001sU-33 <= communitynotice@teamnoticecommunity.us H=(four.burnthost.com) [127.0.0.1]:42007 P=smtp S=2795 id=communitynotice1529128@teamnoticecommunity.us T="[ SPAM ] ALERT: New Risk of Child-Predators in Your Area #1529128" for spammaster@spamboxser.us
2015-06-10 14:08:50 1Z2lMn-0001xb-MD <= purchasing@gmmetalfab.com H=(Purchasing2) [127.0.0.1]:42008 P=esmtpsa X=TLSv1.2:AES128-SHA256:128 A=dovecot_login:purchasing@gmmetalfab.com S=18877 id=WiO4d.1603deec66.00ac01d0a3b0$e2223a90$a666afb0$@com T="RE:" for peplansky@finishingcompany.com
LOCALHOSTRELAY, localhost - 127.0.0.1
-
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: LOCALHOSTRELAY, localhost - 127.0.0.1
csf.ignore has nothing to do with the RT_LOCALHOSTRELAY_ALERT option. If you want to ignore email sent via a local IP addresses, you should disable RT_LOCALHOSTRELAY_ALERT and then restart csf and then lfd.
Re: LOCALHOSTRELAY, localhost - 127.0.0.1
Curious, why would I being getting alerts when 127.0.0.1 is on the ignore list? If we disable RT_LOCALHOSTRELAY_ALERT then we'd not be monitoring suspicious behavior? Maybe ignoring 127.0.0.1 does that as well?