From: "Tuc at T-B-O-H.NET" <[EMAIL PROTECTED]>
Recognize that you likely have two different "problems."
The clean simply means spamd correctly processed a message that was not
spam.
Right, I know. I was trying to point out that every time I had a
clean message, I had one of those attempts... Showing it was
related in my investigation.
It looked like the number of spamd messages didn't match the number
of nologin messages, hence my guess. {^_-}
The attempted login messages are some other item attempting to
break into your machine on the root account. I'd suspect an ssh based
attack.
Actually, no, its not. SSH is closed up pretty tight, open to only
a single box in the datacenter.
It turns out the solution to this was to put :
SHELL=/bin/sh
in the top of each users .procmailrc that ran spamc.
Ah, that would make a difference in some cases. I note that I do not
have that in the ones here and do not see the nologin messages. I
wonder what the difference is.
{^_^}
