New csf v2.46


  • Added auto-detection of additional exim port (same as SSH port) which will be added to TCP_IN on csf installation (or if in TESTING mode)
  • Only report PT_USERMEM and PT_USERTIME PIDs once

New csf v2.45

Changes and new features:

  • Added workaround to restart the bandmin acctboth chains if csf is stopped or (re)started
  • Rewritten the way RELAYHOSTS works so instead of using an iptables chain a check is done at block time on the IP address and if it is in /etc/relayhosts then it will be treated as if it is listed in csf.ignore
  • Enabled RELAYHOSTS by default, which is now a boolean on off (1 or 0) instead of a time interval
  • Added exe:/usr/local/cpanel/bin/logrunner to csf.pignore
  • Added new options PT_USERMEM and PT_USERTIME to report excessive user process usage and optionally PT_USERKILL to kill such processes. An alert is sent using resalert.txt

Want to make spam detection more aggressive?

We’ve recently started including the following SpamAssassin score modifications to help boost the identification of incoming spam with MailScanner. To do it yourself, create a file called /etc/mail/spamassassin/ and add the following lines:

score BAYES_99 5.0score URIBL_SBL 5.0score URIBL_AB_SURBL 5.0score URIBL_OB_SURBL 5.0score URIBL_PH_SURBL 5.0score URIBL_SC_SURBL 5.0score URIBL_WS_SURBL 5.0score URIBL_JP_SURBL 5.0

Then reload MailScanner:

service MailScanner reload

That’s it. This makes your Bayesian database have a greater say in what is very likely to be spam and also boosts the scores of emails that contain URI’s in known spam from various URI RBL spam lists

New csf v2.44


  • Added new option PT_LOAD which will detect if the server load average of choice exceeds a set threshold and send an alert
  • Reduced the DROP_NOLOG default setting to not include ephemeral ports for new installations
  • Moved DROP_NOLOG rules to the LOGDROP chain

New csf 2.43


  • Added new option DROP_PF_LOGGING which will give detailed iptables log information on dropped packets that are INVALID or out of sequence. This can help tracking down why iptables may be blocking certain IP connections