Jimmy Richards wrote:
> Hi There Fellow Debianites,
>
> I got the following message from logcheck.
>
> May 23 06:13:15 c243491-a sm-mta[407]: f4NCCqk7000407:
> from=<[EMAIL PROTECTED]>, size=2433,
> class=-30, nrcpts=1,
> msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA,
> [EMAIL PROTECTED] [127.0.0.1]
>
> Is there anyone who might know why this would be reported as a security
> violation? When I set up sendmail I said 'yes' to using dns. Perhaps at
> that moment it was unable to do a reverse lookup of the sender's
> hostname? I dunno, just a guess. I am just a single desktop user at my
> own home, so no big deal. I am just curious.
>
> Thanks,
>
> Jimmy Richards

logcheck will flag anything that is in /etc/logcheck/logcheck.violations,
unless it is overridden in the logcheck.violations.ignore file.

See the BAD in msgid=<R1SMq.A.BAD....>? Sendmail just happened to use
those random characters, and logcheck triggered. That's what flagged it.

I wouldn't go changing the logcheck.violations file though. Take a look at
the rest of the files, and see if that helps you understand how logcheck
works. The man pages are quite decent to learn from.

mike dresser
sysadmin, windsor machine & stamping
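
The false positive described in the reply above, as an added example that is not part of the original thread and is not logcheck's own code. It models the filter as two grep passes, assuming keywords are matched case-insensitively as substrings and the ignore file then subtracts lines; the pattern files, log lines, and the function names `flagged` and `reported` are constructed for illustration.

```shell
#!/bin/sh
# Model of a keyword filter with an ignore override (assumed behaviour,
# not logcheck's source). Every pattern and log line here is constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for logcheck.violations: bare keywords, matched anywhere in a line.
printf '%s\n' 'BAD' 'refused' > "$WORK/violations"

# Stand-in for logcheck.violations.ignore: suppress the keyword only when it
# sits inside a sendmail message ID, so other "bad" lines still get reported.
printf '%s\n' 'sm-mta\[[0-9]*]: .*msgid=<[^>]*BAD[^>]*>' \
    > "$WORK/violations.ignore"

# Constructed sample log: one random msgid containing BAD, one line that
# really should be reported, one unremarkable mail line.
cat > "$WORK/log" <<'EOF'
May 23 06:13:15 host sm-mta[407]: f4NCCqk7000407: from=<user@example.org>, size=2433, msgid=<R1SMq.A.BAD.x7@example.org>, proto=ESMTP, daemon=MTA
May 23 06:14:02 host sshd[512]: Bad protocol version identification from 192.0.2.10
May 23 06:15:40 host sm-mta[409]: f4NCDrk7000409: from=<user@example.org>, size=1200, msgid=<Qz81.k.Tr@example.org>, proto=ESMTP, daemon=MTA
EOF

# Pass 1: everything the keyword list would flag (includes the msgid hit).
flagged() {
    grep -i -f "$WORK/violations" "$1"
}

# Pass 2: what is left after the ignore patterns are subtracted.
reported() {
    flagged "$1" | grep -v -f "$WORK/violations.ignore"
}

echo "flagged by keywords:"
flagged "$WORK/log"
echo "reported after ignore file:"
reported "$WORK/log"
```

The ignore pattern is anchored to the daemon name and the `msgid=<...>` field, so it drops the whole matching line; a broader pattern such as a bare `sm-mta` would hide every sendmail line, including ones worth reading.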