Security Sysadmin CSF Ifd Warning

Trying to figure out why my one server notifies me every time I login and the other one doesn't.
Both are running 09.beta and both are set up the same.

One server always sends out this email when I login:

Code:

Time: Sun Apr 16 21:23:14 2017 +0000
IP: XX.XX.XX.XX
Account: root
Method: publickey authentication

My other server with the exact same setup doesn't notify me when I login.
1. I've compared both the csf.conf from both systems and they're both the same.
2. I checked all the email settings to make sure they're all the same.

I checked from both servers (both the same):

Code:

# cat /etc/csf/alerts/alert.txt

Code:

From: root
To: root
Subject: lfd on [hostname]: blocked [ip]

Time:     [time]
IP:       [ip]
Failures: [ipcount]
Interval: [iptick] seconds
Blocked:  [block]

Log entries:

[text]

Any ideas why one system would send out Ifd emails and the other doesn't?

---

 

The logins are showing up in the lfd log file, just not sending out an email notification.

I am getting other system emails - from cron, cmm update, and csf update files I created and run via cron.

I also tested the outgoing mail via the dkim test and it sent successfully. The only emails not coming out of the system are the lfd emails.

 

Figured it out. Everything is working!

 

I mostly use VPNs. I installed CMM without being connected to a VPN. So, it logged my home IP in the allow and I was testing / setting up the server without being connected to a VPN. I wasn't getting any notices because my IP was whitelisted via the initial install. As soon as I connected to a VPN and logged in, I got the notice.