I have been and am very grateful for this specail feature of CSF as it helps me catch problems like pop accounts with bad passwords getting hacked
However, during the last couple weeks I noticed to of my newer Cpanel machines not sending me out any emails for pop accounts that send out a lot of email. I saw in both cases tons of emails sent out by pop accounts, verifiable via the exim_mainlog and no email warnings. Also, I noticed that by checking the exim_mainlog I could see that CSF is sending out emails for other issues, but not relays.Here is how it is now set up in my csf.conf file (I lowered the number from 100 to 50 to see wether pop account abusers got smart and are limiting their emails to 99 per hour or less.
# This option triggers for external email
RT_RELAY_ALERT = "1"
RT_RELAY_LIMIT = "100"
RT_RELAY_BLOCK = "0"
# This option triggers for email authenticated by SMTP AUTH
RT_AUTHRELAY_ALERT = "1"
RT_AUTHRELAY_LIMIT = "50"
RT_AUTHRELAY_BLOCK = "0"
# This option triggers for email authenticated by POP before SMTP
RT_POPRELAY_ALERT = "1"
RT_POPRELAY_LIMIT = "50"
RT_POPRELAY_BLOCK = "0"
# This option triggers for email sent via /usr/sbin/sendmail or /usr/sbin/exim
RT_LOCALRELAY_ALERT = "1"
RT_LOCALRELAY_LIMIT = "50"
# This option triggers for email sent via a local IP addresses
RT_LOCALHOSTRELAY_ALERT = "1"
RT_LOCALHOSTRELAY_LIMIT = "50"
But I have yet to receive an email warning me of any such abuse or not even mailiing lists that I know generate more than 100 emails per hour. Any ideas what I may be missing?
Thanks in advance to anyone who can enlighten me on this subject!