RE: [cobalt-users] RaQ4 - list.cobalt.com relaying through our server?
- Subject: RE: [cobalt-users] RaQ4 - list.cobalt.com relaying through our server?
- From: "Greg O'Lone" <greg@xxxxxxxxxxxxxxxx>
- Date: Sat Dec 21 08:33:00 2002
- Organization: Stretched Out Software Inc
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Steve Werby
> Sent: Saturday, December 21, 2002 12:26 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] RaQ4 - list.cobalt.com relaying
> through our server?
>
>
> "Greg O'Lone" <greg@xxxxxxxxxxxxxxxx> wrote:
> > Recently been getting relay warnings from my box about
> > list.cobalt.com....but if I block it I can't subscribe to the list. Any
> > ideas?
> >
> > Here is what logsentry sent me:
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Dec 20 19:47:12 www sendmail[12125]: gBL0lC012125:
> > from=<cobalt-users-admin@xxxxxxxxxxxxxxx>, size=4751, class=-60,
> > nrcpts=1, msgid=<>, proto=ESMTP,
> > daemon=MTA, relay=list.cobalt.com [12.40.201.23]
>
> Greg, it appeared in your LogSentry report because it matched the string
> "bad" ("badboy" in msgid). Meaningless matches are quite common since
> LogSentry simply checks for text patterns that match those listed in a
> couple of files (logcheck.hacking and logcheck.violations), ignoring
> patterns listed in the 2 *.ignore files.
>
> [root logsentry-1.1.1]# grep -i "bad" logcheck.violations
> BAD
>
> So this pattern will report a login by a user "sinbad" and a msgid with
> string "badboy" as well as legitimate error codes with the word "bad" in
> them. Read the LogSentry docs (INSTALL, README.* files in source distro.)
> and inspect the 4 files I mentioned above and you'll understand what's being
> reported to you, why and how you can change what is or isn't reported. If
> you haven't modified these files and you look at your LogSentry reports
> closely you'll probably notice that a good chunk of each report is filled
> with log records that have little to do with security and do nothing but
> make the report longer and more time-consuming to read through. That's not
> a swipe at LogSentry, just a sign that LogSentry and many other programs
> need to be tweaked to meet your needs.
>
Whew! Thanks Steve. I've tweaked the files quite a bit; this one looked
a little more ominous, and it never hurts to get a second opinion!
Greg
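
Added example, not part of the original thread or of LogSentry's own code: a shell sketch of the matching behaviour described above, where the `BAD` pattern hits "sinbad" and "badboy" as substrings, and one narrow entry in the violations ignore file drops the msgid false positive. The log lines, hostnames and the ignore pattern are constructed, and modelling the check as `grep -i -f` followed by `grep -v -f` is an assumption about how the pattern files are applied.

```shell
#!/bin/sh
# Constructed sample data; only the file names and the BAD pattern come from the thread.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Violations file holding the single pattern shown in the thread.
printf 'BAD\n' > "$WORK/logcheck.violations"
: > "$WORK/logcheck.violations.ignore"

# Constructed log lines (hosts, PIDs, queue ids and addresses are made up).
cat > "$WORK/maillog" <<'EOF'
Dec 20 19:47:12 www sendmail[12125]: gBL0lC012125: from=<list-admin@lists.example.com>, size=4751, msgid=<badboy.0001@mail.example.org>, proto=ESMTP, relay=lists.example.com [192.0.2.23]
Dec 20 19:50:02 www sshd[12201]: Accepted password for sinbad from 192.0.2.44 port 40112
Dec 20 19:52:40 www sshd[12230]: Bad protocol version identification 'GET /' from 198.51.100.7
Dec 20 19:55:10 www sendmail[12301]: gBL0tA012301: from=<alice@example.com>, size=1200, msgid=<0002@mail.example.com>, proto=ESMTP, relay=mail.example.com [192.0.2.50]
EOF

# Lines that match a violations pattern (case-insensitive substring match)
# and match no pattern in the ignore file.
violations() {
    if [ -s "$WORK/logcheck.violations.ignore" ]; then
        grep -i -f "$WORK/logcheck.violations" "$WORK/maillog" |
            grep -v -f "$WORK/logcheck.violations.ignore"
    else
        grep -i -f "$WORK/logcheck.violations" "$WORK/maillog"
    fi
}

count_violations() { violations | wc -l | tr -d ' '; }

# Untuned: the msgid, the "sinbad" login and the real sshd error all match "bad".
BEFORE=$(count_violations)

# Tuned: ignore "bad" only when it appears inside a sendmail msgid field.
# The pattern is deliberately narrow so the genuine "Bad protocol" error
# (and the login line) still reach the report.
printf '%s\n' 'sendmail.*msgid=<[^>]*bad' > "$WORK/logcheck.violations.ignore"
AFTER=$(count_violations)

echo "reported before tuning: $BEFORE, after tuning: $AFTER"
violations
```
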