What is strange is that sometimes logcheck prints out: >Security Violations >=-=-=-=-=-=-=-=-=-= >Oct 24 04:54:16 www sendmail[26693]: EAA26693: ruleset=check_rcpt, >[EMAIL PROTECTED], relay=raptor.tera-byte.com [216.234.161.11], >reject=550 [EMAIL PROTECTED] Relaying denied. Please check your mail first >or restart your mail session.
which implies that relaying is denied. I realize that this is a newbie question, but how do I tell if what relays are in my relay table? Are they defined in my /etc/mail/localip and /etc/mail/popip? Michael suggested installing poprelay. It is installed on my Raq3 but doesn't appear to be configured. I think I'll try the Control Panel "POP Before SMTP Relaying" with the default 15 minute Relay Window and see if that helps. Paul At 04:56 PM 10/24/2001 -0400, you wr ote: >If the relays are in your relay table, its not a security violation. >However, if the relays are not in your relay table, it most certainly is >unauthorized access to your server. > >Logcheck doesn't know the difference. > >Kevin > >----- Original Message ----- >From: "P Ferwerda" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, October 24, 2001 3:30 PM >Subject: [cobalt-security] stat=Sent (Requested mail action okay, completed) > > >> I recently turned on logcheck for the first time and am getting the >following security violations. It isn't clear to me why they are security >violations. Should I be shutting this access off in some fashion? >> >> Thanks, >> Paul >> >> >> >Security Violations >> >=-=-=-=-=-=-=-=-=-= >> >Oct 24 08:48:29 www sendmail[4114]: IAA04112: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, >relay=mc1.law5.hotmail.com. [64.4.55.71], stat=Sent (Requested mail action >okay, completed) >> >Oct 24 10:23:28 www sendmail[8331]: KAA08329: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp, >relay=mailin-03.mx.aol.com. [205.188.156.186], stat=Sent (OK) >> >Oct 24 10:23:40 www sendmail[8389]: KAA08387: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:06, xdelay=00:00:06, mailer=esmtp, >relay=mailin-03.mx.aol.com. [205.188.156.186], stat=Sent (OK) >> >Oct 24 10:23:45 www sendmail[8392]: KAA08390: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp, >relay=mc7.law5.hotmail.com. [64.4.42.7], stat=Sent (Requested mail action >okay, completed) >> >Oct 24 10:23:46 www sendmail[8334]: KAA08332: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:29, xdelay=00:00:29, mailer=esmtp, >relay=mc3.law13.hotmail.com. [64.4.49.135], stat=Sent (Requested mail action >okay, completed) >> >Oct 24 10:24:01 www sendmail[8474]: KAA08472: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, >relay=mc7.law13.hotmail.com. [65.54.232.7], stat=Sent (Requested mail action >okay, completed) >> >Oct 24 10:24:01 www sendmail[8471]: KAA08469: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, >relay=mailin-01.mx.aol.com. [64.12.136.57], stat=Sent (OK) >> >> >> >> _______________________________________________ >> cobalt-security mailing list >> [EMAIL PROTECTED] >> http://list.cobalt.com/mailman/listinfo/cobalt-security >> > >_______________________________________________ >cobalt-security mailing list >[EMAIL PROTECTED] >http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
