[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] stat=Sent (Requested mail action okay, completed)
- Subject: Re: [cobalt-security] stat=Sent (Requested mail action okay, completed)
- From: P Ferwerda <loptson@xxxxxxxxxxxx>
- Date: Thu, 25 Oct 2001 20:03:39 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Michael,
Ahh... that explains it. I had turned on the "POP Before SMTP Relaying" and still had the entries so I was confused. I'll see if I can tweak the rule to ignore the particular false positive.
Thanks!
Paul
At 08:03 AM 10/25/2001 +0200, you wrote:
>Sorry, Paul, I was wrong with my last response to your problem.
>In fact your are getting false positives from logcheck,
>because the log entries contained the string BAD (case-indipendant)
>
>Logcheck is preconfigured to flag any lines containing BAD
>as security violations. :-)
>
>Greetings
>Michael
>
>
>P Ferwerda wrote:
>
>>I recently turned on logcheck for the first time and am getting the following security violations. It isn't clear to me why they are security violations. Should I be shutting this access off in some fashion?
>>[...]
>>
>>>Security Violations
>>>=-=-=-=-=-=-=-=-=-=
>>>Oct 24 08:48:29 www sendmail[4114]: IAA04112: to=BadDog154@xxxxxxxxxxx, ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, relay=mc1.law5.hotmail.com. [64.4.55.71], stat=Sent (Requested mail action okay, completed)
>>>[...]
>
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security