Differences

This shows you the differences between two versions of the page.

--- internet:mail:mailcleaner_csf [2021/01/27 13:53]
gcooper
+++ internet:mail:mailcleaner_csf [2021/02/08 09:23]
gcooper
@@ Line 24: / Line 24: @@
 <file>
-# We will use CSF for firewal, so exiting this script
+# We will use CSF for firewall, so exiting this script
 logger "MailCleaner firewall disabled in /usr/mailcleaner/etc/init.d/firewall"
 exit 0
@@ Line 130: / Line 130: @@
 STOPFORUMSPAMV6
 GREENSNOW
-</file>
-Processes you want LFD to ignore:
-<file>
-vim /etc/csf/csf.pignore
-</file>
-Add these lines at the bottom:
-<file>
-cmd:/opt/apache2/bin/httpd -f /usr/mailcleaner/etc/apache/httpd.conf
-cmd:/usr/bin/python /opt/greylistd/sbin/greylistd /usr/mailcleaner/etc/greylistd/greylistd.conf
-cmd:SpamHandler
-cmd:PrefTDaemon
-cmd:StatsDaemon
-cmd:MailWatch SQL
-cmd:spamd child
-pcmd:MailScanner: .*
-pcmd:/opt/clamav/sbin/clamd --config-file=/usr/mailcleaner/etc/clamav/clam.*
-pcmd:/opt/clamav/bin/freshclam --user=clamav --config-file=/usr/mailcleaner/etc/clamav/freshclam.*
-pcmd:/opt/mysql5/bin/mysqld --defaults-file=/usr/mailcleaner/etc/mysql/my_.*
-pcmd:/usr/local/bin/spamd --socketpath=/var/mailcleaner/spool/spamassassin/spamd.sock.*
-pcmd:/usr/local/bin/newsld --socketpath=/var/mailcleaner/spool/newsld/newsld.sock.*
-pcmd:/opt/exim4/bin/exim -C /usr/mailcleaner/etc/exim/exim_stage.*
-pcmd:/opt/exim4/bin/exim -C /var/mailcleaner/spool/tmp/exim/exim_stage.*
-pcmd:/opt/dcc/libexec/dccifd -h/opt/dcc/var.*
 </file>
@@ Line 240: / Line 212: @@
 </file>
-===== Start CSF and LFD =====
+===== Configure LFD =====
-Run this and check for obvious errors:
+LFD is the 'log file daemon'.  It **monitors log files** looking for infractions and suspicious processes.  LFD replaces, ''fail2ban'' in our use case.  LFD is a huge part of why CSF is so effective.
+<note warning>You will almost certainly need to edit ''csf.pignore'' to eliminate warnings from normal system processes, even though   These processes can and will change over time with system updates and changes.</note>
+The ''lfd.log'' will show you the processes it is concerned about:
 <file>
-csf -e && csf -s
+tail /var/log/lfd.log
-lfd -e && lfd -s
 </file>
-You can restart CSF and LFD like this:
+Processes you want LFD to ignore:
 <file>
-csf -ra
+vim /etc/csf/csf.pignore
 </file>
-===== LFD =====
+Add these lines at the bottom:
-LFD is the 'log file daemon'.  It **monitors log files** looking for infractions and suspicious processes.  LFD is a huge part of why CSF is so effective.
+<file>
+cmd:/opt/apache2/bin/httpd -f /usr/mailcleaner/etc/apache/httpd.conf
+cmd:/usr/bin/python /opt/greylistd/sbin/greylistd /usr/mailcleaner/etc/greylistd/greylistd.conf
+cmd:SpamHandler
+cmd:PrefTDaemon
+cmd:StatsDaemon
+cmd:MailWatch SQL
+cmd:spamd child
-<note warning>You will almost certainly need to edit ''csf.pignore'' to eliminate warnings from normal system processes, even though   These processes can and will change over time with system updates and changes.</note>
+pcmd:MailScanner: .*
+pcmd:/opt/clamav/sbin/clamd --config-file=/usr/mailcleaner/etc/clamav/clam.*
+pcmd:/opt/clamav/bin/freshclam --user=clamav --config-file=/usr/mailcleaner/etc/clamav/freshclam.*
+pcmd:/opt/mysql5/bin/mysqld --defaults-file=/usr/mailcleaner/etc/mysql/my_.*
+pcmd:/usr/local/bin/spamd --socketpath=/var/mailcleaner/spool/spamassassin/spamd.sock.*
+pcmd:/usr/local/bin/newsld --socketpath=/var/mailcleaner/spool/newsld/newsld.sock.*
+pcmd:/opt/exim4/bin/exim -C /usr/mailcleaner/etc/exim/exim_stage.*
+pcmd:/opt/exim4/bin/exim -C /var/mailcleaner/spool/tmp/exim/exim_stage.*
+pcmd:/opt/dcc/libexec/dccifd -h/opt/dcc/var.*
+</file>
-The ''lfd.log'' will show you the processes it is concerned about:
+===== Start CSF and LFD =====
+Run this and check for obvious errors:
 <file>
-tail /var/log/lfd.log
+csf -e && csf -s
+lfd -e && lfd -s
+</file>
+You can restart CSF and LFD like this:
+<file>
+csf -ra
 </file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools