
Re: Sendmail Security Violation?



Jimmy Richards wrote:

> Hi There Fellow Debianites,
>
>         I got the following message from logcheck.
>
> May 23 06:13:15 c243491-a sm-mta[407]: f4NCCqk7000407:
> from=<bounce-debian-user=linuxrh=home.com@lists.debian.org>, size=2433,
> class=-30, nrcpts=1,
> msgid=<RlSMq.A.BAD.KR4C7@murphy>, proto=ESMTP, daemon=MTA,
> relay=longshot@localhost [127.0.0.1]
>
> Is there anyone who might know why this would be reported as a security
> violation? When I set up sendmail I said 'yes' to using dns. Perhaps at
> that moment it was unable to do a reverse lookup of the sender's
> hostname? I dunno, just a guess. I am just a single desktop user at my
> own home, so no big deal. I am just curious.
>
> Thanks,
>
> Jimmy Richards
>

logcheck will flag anything that is in /etc/logcheck/logcheck.violations,
unless it is overridden in the logcheck.violations.ignore file.
See the BAD, in msgid=<R1SMq.A.BAD....>?  Sendmail just happened to use those
random characters, and logcheck triggered.
That's what flagged it.  I wouldn't go changing the logcheck.violations file
though.  Take a look at the rest of the files, and see if that helps you
understand how logcheck works.  The man pages are quite decent to learn from.

mike dresser
sysadmin,
windsor machine & stamping
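
Added illustration of the mechanism described in the reply above (not part of the original message and not logcheck's own code): a simplified model of the keyword pass, showing the sendmail line being flagged by the bare keyword and then suppressed by a narrowly scoped ignore pattern. The pattern files, the second log line and the `exampled` daemon name are constructed, and the two-stage grep pipeline is an assumption about how logcheck applies the two files.

```shell
#!/bin/sh
# Simplified model of the violations pass (assumption: case-insensitive grep
# against logcheck.violations, then grep -v against logcheck.violations.ignore).

WORK=$(mktemp -d)

# Constructed pattern files; "BAD" is the keyword the reply says matched.
printf '%s\n' 'BAD' 'ILLEGAL' > "$WORK/violations"
# Constructed ignore pattern: only sendmail lines where BAD sits inside msgid=<...>.
printf '%s\n' 'sm-mta\[[0-9]+\]: .*msgid=<[^>]*BAD[^>]*>' > "$WORK/violations.ignore"

# Constructed log: line 1 is the entry from the thread (joined onto one line),
# line 2 is a made-up entry that should still be reported.
cat > "$WORK/log" <<'EOF'
May 23 06:13:15 c243491-a sm-mta[407]: f4NCCqk7000407: from=<bounce-debian-user=linuxrh=home.com@lists.debian.org>, size=2433, class=-30, nrcpts=1, msgid=<RlSMq.A.BAD.KR4C7@murphy>, proto=ESMTP, daemon=MTA, relay=longshot@localhost [127.0.0.1]
May 23 06:20:01 c243491-a exampled[512]: BAD password attempt for user test
EOF

# Stage 1 only: count every line containing a violations keyword anywhere.
flagged_without_ignore() {
    grep -E -i -c -f "$WORK/violations" "$WORK/log"
}

# Stage 1 then stage 2: count what is left after the ignore patterns.
flagged_with_ignore() {
    grep -E -i -f "$WORK/violations" "$WORK/log" |
        grep -E -v -c -f "$WORK/violations.ignore"
}

# The lines that survive both stages and would be reported.
report() {
    grep -E -i -f "$WORK/violations" "$WORK/log" |
        grep -E -v -f "$WORK/violations.ignore"
}

echo "without ignore file: $(flagged_without_ignore) line(s)"
echo "with ignore file:    $(flagged_with_ignore) line(s)"
report
```

An ignore pattern removes the whole line from the report, so anchoring it to the daemon name and the msgid field keeps other lines containing the keyword visible.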


