
RE: [cobalt-users] Portsentry Logcheck



> One, is there a resource where I can find out what all the
> different Logcheck entries mean?

LogCheck is only reading your logs. You must read the documentation for
the programs creating those logs. The program that created the log is
listed at the beginning of the line which has this format:

date time host daemon[pid]

The one that says daemon (sendmail in the logs you quoted) is the one
producing the log.

> Second, I've included a piece from the log which I am
> receiving. Can anybody tell me what this means?
> I have no idea who bastel@xxxxxxxxxxxxxxxxxxxxxxxxx is?
>
> Mar 17 17:00:03 ns sendmail[25027]: NOQUEUE: localhost
> [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during
> connection to MTA

Your server connected to its own sendmail port, then immediately hung up
on it without asking anything. This is the Active Monitor checking to
see that sendmail is actually running. You'll see this every 15 minutes
(along with a few others); and you can search the archives for Active
Monitor or "every 15 minutes" for MUCH more detail.

Learn how to make logcheck ignore these.

> Mar 17 17:07:03 ns sendmail[25271]: f2HH4Wu25271: ruleset=check_mail,
> arg1=<bastel@xxxxxxxxxxxxxxxxxxxxxxxxx>, relay=mailhost.cg48.fr
> [62.161.245.241], reject=451 4.1.8
> <bastel@xxxxxxxxxxxxxxxxxxxxxxxxx>...
> Domain of sender address bastel@xxxxxxxxxxxxxxxxxxxxxxxxx
> does not resolve

Your server rejected someone trying to send mail through your server
because the domain name did not resolve properly. It is trying to
prevent spam coming through your server without your authorization. If
you view your /var/log/maillog file and go to this message, there will
be a second message right next to it showing whom it was to/from.

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>
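
The header format and the two sendmail entries discussed above, as an added example that is not part of the original message: a small Python parser that splits each line into date, time, host, daemon and pid, and drops the Active Monitor probe with an ignore pattern. The pattern, the function names and the third log line are constructed for illustration; the pattern is kept egrep-compatible on the assumption that this is what your logcheck ignore file holds.

```python
import re

# Constructed sample: the two log lines quoted in the message (rejoined onto
# single lines), plus one constructed line from a non-local address.
SAMPLE = [
    "Mar 17 17:00:03 ns sendmail[25027]: NOQUEUE: localhost [127.0.0.1] "
    "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
    "Mar 17 17:07:03 ns sendmail[25271]: f2HH4Wu25271: ruleset=check_mail, "
    "arg1=<bastel@xxxxxxxxxxxxxxxxxxxxxxxxx>, relay=mailhost.cg48.fr "
    "[62.161.245.241], reject=451 4.1.8 <bastel@xxxxxxxxxxxxxxxxxxxxxxxxx>... "
    "Domain of sender address bastel@xxxxxxxxxxxxxxxxxxxxxxxxx does not resolve",
    "Mar 17 17:09:41 ns sendmail[25300]: NOQUEUE: [192.0.2.10] "
    "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
]

# "date time host daemon[pid]: message" (the pid is optional for some daemons)
HEADER = re.compile(
    r"^(?P<date>[A-Z][a-z]{2} [ \d]\d) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<daemon>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Hypothetical ignore pattern. It is pinned to localhost [127.0.0.1] so the
# same message from any other address is still reported.
IGNORE = re.compile(
    r"sendmail\[[0-9]+\]: NOQUEUE: localhost \[127\.0\.0\.1\] "
    r"did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA$"
)

def parse(line):
    """Split one syslog line into its header fields, or None if malformed."""
    m = HEADER.match(line)
    return m.groupdict() if m else None

def report(lines):
    """Return the parsed entries that survive the ignore pattern."""
    kept = []
    for line in lines:
        if IGNORE.search(line):
            continue
        # Keep unparseable lines too: silently dropping them would hide data.
        kept.append(parse(line) or {"daemon": None, "msg": line})
    return kept

if __name__ == "__main__":
    for entry in report(SAMPLE):
        print(entry["daemon"], "->", entry["msg"][:60])
```
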