
Re: [cobalt-security] stat=Sent (Requested mail action okay, completed)



What is strange is that sometimes logcheck prints out:

>Security Violations
>=-=-=-=-=-=-=-=-=-=
>Oct 24 04:54:16 www sendmail[26693]: EAA26693: ruleset=check_rcpt, arg1=openrelays@xxxxxxxxxxxxx, relay=raptor.tera-byte.com [216.234.161.11], reject=550 openrelays@xxxxxxxxxxxxxxxx Relaying denied.  Please check your mail first or restart your mail session.

which implies that relaying is denied.  I realize that this is a newbie question, but how do I tell what relays are in my relay table? Are they defined in my /etc/mail/localip and /etc/mail/popip?

Michael suggested installing poprelay. It is installed on my Raq3 but doesn't appear to be configured.  I think I'll try the Control Panel "POP Before SMTP Relaying" with the default 15 minute Relay Window and see if that helps.

Paul



At 04:56 PM 10/24/2001 -0400, you wrote:
>If the relays are in your relay table, it's not a security violation.
>However, if the relays are not in your relay table, it most certainly is
>unauthorized access to your server.
>
>Logcheck doesn't know the difference.
>
>Kevin
>
>----- Original Message -----
>From: "P Ferwerda" <loptson@xxxxxxxxxxxx>
>To: <cobalt-security@xxxxxxxxxxxxxxx>
>Sent: Wednesday, October 24, 2001 3:30 PM
>Subject: [cobalt-security] stat=Sent (Requested mail action okay, completed)
>
>
>> I recently turned on logcheck for the first time and am getting the
>following security violations.  It isn't clear to me why they are security
>violations.  Should I be shutting this access off in some fashion?
>>
>> Thanks,
>> Paul
>>
>>
>> >Security Violations
>> >=-=-=-=-=-=-=-=-=-=
>> >Oct 24 08:48:29 www sendmail[4114]: IAA04112: to=BadDog154@xxxxxxxxxxx,
>ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp,
>relay=mc1.law5.hotmail.com. [64.4.55.71], stat=Sent (Requested mail action
>okay, completed)
>> >Oct 24 10:23:28 www sendmail[8331]: KAA08329: to=johnnybbad28@xxxxxxx,
>ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp,
>relay=mailin-03.mx.aol.com. [205.188.156.186], stat=Sent (OK)
>> >Oct 24 10:23:40 www sendmail[8389]: KAA08387: to=johnnybbad28@xxxxxxx,
>ctladdr=httpd (15/11), delay=00:00:06, xdelay=00:00:06, mailer=esmtp,
>relay=mailin-03.mx.aol.com. [205.188.156.186], stat=Sent (OK)
>> >Oct 24 10:23:45 www sendmail[8392]: KAA08390: to=BadDog154@xxxxxxxxxxx,
>ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp,
>relay=mc7.law5.hotmail.com. [64.4.42.7], stat=Sent (Requested mail action
>okay, completed)
>> >Oct 24 10:23:46 www sendmail[8334]: KAA08332: to=BadDog154@xxxxxxxxxxx,
>ctladdr=httpd (15/11), delay=00:00:29, xdelay=00:00:29, mailer=esmtp,
>relay=mc3.law13.hotmail.com. [64.4.49.135], stat=Sent (Requested mail action
>okay, completed)
>> >Oct 24 10:24:01 www sendmail[8474]: KAA08472: to=BadDog154@xxxxxxxxxxx,
>ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
>relay=mc7.law13.hotmail.com. [65.54.232.7], stat=Sent (Requested mail action
>okay, completed)
>> >Oct 24 10:24:01 www sendmail[8471]: KAA08469: to=johnnybbad28@xxxxxxx,
>ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
>relay=mailin-01.mx.aol.com. [64.12.136.57], stat=Sent (OK)
>>
>>
>>
>> _______________________________________________
>> cobalt-security mailing list
>> cobalt-security@xxxxxxxxxxxxxxx
>> http://list.cobalt.com/mailman/listinfo/cobalt-security
>>
>
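
Added example, not part of the original messages: a Python triage of the two kinds of sendmail lines quoted in this thread, separating a `check_rcpt` rejection ("Relaying denied") from a `stat=Sent` delivery whose `ctladdr` shows which local account submitted the mail. The sample lines are constructed with placeholder hosts and addresses, and the category names and the `SERVICE_ACCOUNTS` set are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the excerpts quoted in this thread;
# hosts and addresses are placeholders (example.com, 192.0.2.0/24).
SAMPLE = [
    "Oct 24 04:54:16 www sendmail[26693]: EAA26693: ruleset=check_rcpt, "
    "arg1=someone@example.com, relay=host.example.net [192.0.2.11], "
    "reject=550 someone@example.com Relaying denied.",
    "Oct 24 08:48:29 www sendmail[4114]: IAA04112: to=user@example.com, "
    "ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, "
    "relay=mx.example.com. [192.0.2.71], stat=Sent (OK)",
    "Oct 24 10:23:28 www sendmail[8331]: KAA08329: to=user@example.com, "
    "ctladdr=paul (500/100), delay=00:00:11, mailer=esmtp, "
    "relay=mx.example.com. [192.0.2.71], stat=Sent (OK)",
]

# Assumption: accounts that run web or daemon code rather than people.
SERVICE_ACCOUNTS = {"httpd", "apache", "nobody"}

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")

def parse(line):
    """Return (queue id, {field: value}) for a sendmail log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Fields are "key=value" separated by ", "; values may contain spaces.
    parts = re.split(r",\s+(?=\w+=)", m.group("rest"))
    return m.group("qid"), dict(p.split("=", 1) for p in parts if "=" in p)

def classify(line):
    """Label a line with one of the (hypothetical) triage categories."""
    parsed = parse(line)
    if parsed is None:
        return "unparsed"
    _, f = parsed
    if f.get("ruleset") == "check_rcpt" and "Relaying denied" in f.get("reject", ""):
        return "relay-attempt-rejected"  # sendmail refused the recipient
    if f.get("stat", "").startswith("Sent"):
        if "ctladdr" not in f:
            # No controlling user logged: check the from= line for this queue id.
            return "sent-check-from-line"
        user = f["ctladdr"].split()[0]
        return "sent-by-service-account" if user in SERVICE_ACCOUNTS else "sent-by-local-user"
    return "other"

def summarize(lines):
    """Count lines per category so unexpected senders stand out."""
    return Counter(classify(line) for line in lines)
```
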