Michael, Ahh... that explains it. I had turned on the "POP Before SMTP Relaying" and still had the entries so I was confused. I'll see if I can tweak the rule to ignore the particular false positive.
Thanks! Paul At 08:03 AM 10/25/2001 +0200, you wrote: >Sorry, Paul, I was wrong with my last response to your problem. >In fact your are getting false positives from logcheck, >because the log entries contained the string BAD (case-indipendant) > >Logcheck is preconfigured to flag any lines containing BAD >as security violations. :-) > >Greetings >Michael > > >P Ferwerda wrote: > >>I recently turned on logcheck for the first time and am getting the following >security violations. It isn't clear to me why they are security violations. Should >I be shutting this access off in some fashion? >>[...] >> >>>Security Violations >>>=-=-=-=-=-=-=-=-=-= >>>Oct 24 08:48:29 www sendmail[4114]: IAA04112: [EMAIL PROTECTED], >ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, >relay=mc1.law5.hotmail.com. [64.4.55.71], stat=Sent (Requested mail action okay, >completed) >>>[...] > > >_______________________________________________ >cobalt-security mailing list >[EMAIL PROTECTED] >http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
