It appears that after my server was updated from v68 to v70.0.41, lfd (ConfigServer Security & Firewall - csf v12.03) is repeatedly reporting spamd as suspicious and excessive processs because it's running too long.
I see a pair of notification emails every now and then:
lfd on SERVERNAME: Excessive resource usage: USERNAME (15690 (Parent PID:14162))
lfd on SERVERNAME: Suspicious process running under user USERNAME
Excerpt from the "Excessive resource usage" email:
Time: Wed May 16 07:01:43 2018 -0700
Account: USERNAME
Resource: Process Time
Exceeded: 22283 > 1800 (seconds)
Executable: /usr/local/cpanel/3rdparty/perl/526/bin/perl
Command Line: spamd child
PID: 15690 (Parent PID:14162)
Killed: No
The process uptime is large in this example (6 hours). I don't know the regular behaviour of spamd, if it usually runs for so long or not.
Is this an issue with spamd or lfd?
How do I fix it?
Thanks.
I see a pair of notification emails every now and then:
lfd on SERVERNAME: Excessive resource usage: USERNAME (15690 (Parent PID:14162))
lfd on SERVERNAME: Suspicious process running under user USERNAME
Excerpt from the "Excessive resource usage" email:
Time: Wed May 16 07:01:43 2018 -0700
Account: USERNAME
Resource: Process Time
Exceeded: 22283 > 1800 (seconds)
Executable: /usr/local/cpanel/3rdparty/perl/526/bin/perl
Command Line: spamd child
PID: 15690 (Parent PID:14162)
Killed: No
The process uptime is large in this example (6 hours). I don't know the regular behaviour of spamd, if it usually runs for so long or not.
Is this an issue with spamd or lfd?
How do I fix it?
Thanks.