Logcheck & sendmail

Rene Scholz mrz at informatik.uni-jena.de
Wed Jul 21 09:28:30 CEST 2004


Hi,

I am using logcheck here on a Debian stable server.

Unfortunately I have not yet managed to switch off these warnings via
/etc/logcheck/ignore.d/local:


Possible Security Violations
=-=-=-=-=-=-=-=-=-=
Jul 20 13:16:09 tantalus sm-mta[22966]: i6KBG9JE022966: ip127-91.cbn.net.id [202.158.127.91] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:16:09 tantalus sm-mta[22967]: i6KBG9JE022967: ip127-93.cbn.net.id [202.158.127.93] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:16:09 tantalus sm-mta[22968]: i6KBG9JE022968: ip127-92.cbn.net.id [202.158.127.92] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:16:09 tantalus sm-mta[22966]: i6KBG9JE022966: ip127-91.cbn.net.id [202.158.127.91] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:16:09 tantalus sm-mta[22967]: i6KBG9JE022967: ip127-93.cbn.net.id [202.158.127.93] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:16:09 tantalus sm-mta[22968]: i6KBG9JE022968: ip127-92.cbn.net.id [202.158.127.92] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:16:11 tantalus sm-mta[22965]: i6KBGBJE022965: ip127-94.cbn.net.id [202.158.127.94] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:51:05 tantalus sm-mta[23544]: i6KBp5JE023544: [202.158.31.94] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:51:05 tantalus sm-mta[23545]: i6KBp5JE023545: [202.158.31.93] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:51:05 tantalus sm-mta[23546]: i6KBp5JE023546: [202.158.31.91] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:51:05 tantalus sm-mta[23544]: i6KBp5JE023544: [202.158.31.94] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:51:05 tantalus sm-mta[23545]: i6KBp5JE023545: [202.158.31.93] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA



local currently contains:

sm-mta.*: .* .* did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
sm-mta.*: did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
during connection to MTA
sm-mta.*: .*: \[.*\] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
sm-mta.*: .*: .* \[.*\] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
sm-mta\[[0-9]+\]: .*: \[.*\] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
sm-mta\[[0-9]+\]: .*: .* \[.*\] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
sm-mta.*: .*: .*during connection to MTA
(sendmail|sm-(mta|msp|que))\[[0-9]+\]: .*

none of it works ...

(this line works: sm-mta.*: STARTTLS=server)

How does one write this correctly, and where is the syntax of the config files actually explained?


thanks,
rené
-- 
"He who gives up freedom in order to gain security
 will in the end lose both"                     (Benjamin Franklin)
==> Voland @IRC <==  2048/0xF11D6871  2A8D 3F92 4EB8 E55C  3605 D571 38C8 E2B8
mrz at informatik.uni-jena.de                         http://www.thur.de/~Voland/
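
One way to check rules like those listed in the message against the reported lines, as an added example that is not part of the original post. It assumes each rule line is a POSIX extended regular expression applied unanchored, as with `grep -E -f`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: every rule line is a POSIX extended regex, matched unanchored
# against each log line (the behaviour of grep -E -f RULEFILE).

# Two of the reported lines, copied from the post: one with a host name and
# "(may be forged)", one with only a bracketed address.
sample_log() {
cat <<'EOF'
Jul 20 13:16:09 tantalus sm-mta[22966]: i6KBG9JE022966: ip127-91.cbn.net.id [202.158.127.91] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 20 13:51:05 tantalus sm-mta[23544]: i6KBp5JE023544: [202.158.31.94] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
EOF
}

# Four of the rules from the post's "local" file, one per line.
rules() {
cat <<'EOF'
sm-mta.*: .* .* did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
sm-mta.*: did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
sm-mta\[[0-9]+\]: .*: \[.*\] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
(sendmail|sm-(mta|msp|que))\[[0-9]+\]: .*
EOF
}

# unmatched_count RULE: print how many sample lines RULE fails to match.
# grep -c exits 1 when the count is 0, hence "|| true".
unmatched_count() {
    sample_log | grep -E -v -c -e "$1" || true
}

# unmatched_by_all: print how many sample lines survive all rules together.
unmatched_by_all() {
    rulefile=$(mktemp)
    rules > "$rulefile"
    sample_log | grep -E -v -c -f "$rulefile" || true
    rm -f "$rulefile"
}

# Report per rule, then for the rule file as a whole.
rules | while IFS= read -r rule; do
    printf '%s line(s) not matched by: %s\n' "$(unmatched_count "$rule")" "$rule"
done
printf '%s line(s) not matched by the whole file\n' "$(unmatched_by_all)"
```

A count of 0 means the rule matches every sample line when tested on its own; a non-zero count shows which rule shapes miss the "(may be forged)" variant or the bare-address variant.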