
Re: [cobalt-security] stat=Sent (Requested mail action okay, completed)



If the relays are in your relay table, it's not a security violation.
However, if the relays are not in your relay table, it most certainly is
unauthorized access to your server.

Logcheck doesn't know the difference.

Kevin

----- Original Message -----
From: "P Ferwerda" <loptson@xxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Wednesday, October 24, 2001 3:30 PM
Subject: [cobalt-security] stat=Sent (Requested mail action okay, completed)


> I recently turned on logcheck for the first time and am getting the
> following security violations.  It isn't clear to me why they are security
> violations.  Should I be shutting this access off in some fashion?
>
> Thanks,
> Paul
>
>
> >Security Violations
> >=-=-=-=-=-=-=-=-=-=
> >Oct 24 08:48:29 www sendmail[4114]: IAA04112: to=BadDog154@xxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, relay=mc1.law5.hotmail.com. [64.4.55.71], stat=Sent (Requested mail action okay, completed)
> >Oct 24 10:23:28 www sendmail[8331]: KAA08329: to=johnnybbad28@xxxxxxx, ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp, relay=mailin-03.mx.aol.com. [205.188.156.186], stat=Sent (OK)
> >Oct 24 10:23:40 www sendmail[8389]: KAA08387: to=johnnybbad28@xxxxxxx, ctladdr=httpd (15/11), delay=00:00:06, xdelay=00:00:06, mailer=esmtp, relay=mailin-03.mx.aol.com. [205.188.156.186], stat=Sent (OK)
> >Oct 24 10:23:45 www sendmail[8392]: KAA08390: to=BadDog154@xxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp, relay=mc7.law5.hotmail.com. [64.4.42.7], stat=Sent (Requested mail action okay, completed)
> >Oct 24 10:23:46 www sendmail[8334]: KAA08332: to=BadDog154@xxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:29, xdelay=00:00:29, mailer=esmtp, relay=mc3.law13.hotmail.com. [64.4.49.135], stat=Sent (Requested mail action okay, completed)
> >Oct 24 10:24:01 www sendmail[8474]: KAA08472: to=BadDog154@xxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mc7.law13.hotmail.com. [65.54.232.7], stat=Sent (Requested mail action okay, completed)
> >Oct 24 10:24:01 www sendmail[8471]: KAA08469: to=johnnybbad28@xxxxxxx, ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mailin-01.mx.aol.com. [64.12.136.57], stat=Sent (OK)
>
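
The reply above turns on whether a relay is an expected one, which a pattern match on the log text cannot decide. The following added example (not part of the original thread) parses sendmail delivery lines of the format quoted above and lists mail sent under a service account such as httpd to a relay that is not on a locally maintained list. The sample lines, the expected_relays set and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the sendmail delivery-log format quoted above.
SAMPLE_LOG = """\
Oct 24 08:48:29 www sendmail[4114]: IAA04112: to=user1@example.net, ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, relay=mx1.example.net. [192.0.2.10], stat=Sent (Requested mail action okay, completed)
Oct 24 10:23:28 www sendmail[8331]: KAA08329: to=user2@example.org, ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp, relay=mx.example.org. [198.51.100.7], stat=Sent (OK)
Oct 24 10:25:02 www sendmail[8500]: KAA08498: to=admin@example.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, relay=local, stat=Sent
"""

# "sendmail[pid]: QUEUEID: to=..., key=value, ..." (delivery lines only)
LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>to=.*)$")
# A value runs until the next ", key=" or end of line, so the comma inside
# "stat=Sent (Requested mail action okay, completed)" stays in the value.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def parse_delivery(line):
    """Return a dict of fields for a delivery line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group("fields")))
    rec["qid"] = m.group("qid")
    # ctladdr is "user (uid/gid)"; relay is "host. [ip]" or "local"
    rec["ctluser"] = rec.get("ctladdr", "").split(" ")[0]
    rec["relayhost"] = rec.get("relay", "").split(" ")[0].rstrip(".").lower()
    return rec

def triage(log_text, expected_relays, service_users=("httpd",)):
    """Count sent mail per (controlling user, relay) and collect the
    deliveries made as a service user to a relay outside expected_relays."""
    counts, review = Counter(), []
    for line in log_text.splitlines():
        rec = parse_delivery(line)
        if rec is None or not rec.get("stat", "").startswith("Sent"):
            continue
        counts[(rec["ctluser"], rec["relayhost"])] += 1
        if rec["ctluser"] in service_users and rec["relayhost"] not in expected_relays:
            review.append(rec)
    return counts, review

if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG, expected_relays={"mx1.example.net"})
    for rec in review:
        print(rec["qid"], rec["ctluser"], rec["to"], rec["relayhost"])
```

Grouping by ctladdr shows which local account handed the message to sendmail, so a run of httpd entries points at a script under the web server as the sender.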