Ricardo, You're seeing the results of logcheck, which is run as part of /etc/cron.daily. logcheck searches the system log files for strings from its configuration files, which are in /etc/logcheck/. The messages are classified according to which config file has the matching string. The goal is to alert you about unusual things that occur on your system.
Unfortunately, sometime you get unexpected (and surprising) matches. For example, the word "BAD" is in the violations file. Since postfix uses hexadecimal numbers to identify mail messages, "BAD" can appear in one of the numbers. When this happens (as it has for me), a "violation" warning is issued. So, when you read the warnings, you must interpret them. You are, after all, smarter than the stupid computer and you can do a better job of determining if a warning is correct or not. David P.S. If you get lots of false warnings from postfix (or any other program), you could add strings to /etc/logcheck/violations.ignore. At 02:46 PM 9/5/02, Ricardo Castanho de O. Freitas wrote: >What could be happening in here? >I don't understand why "security violations"... >I use Postfix... > >Is it any misconfig (Postifix)? > >TIA > >Ricardo > >---------- Forwarded message ---------- >Subject: home.english-quest.com.br 09/05/02:04.02 system check >Date: Thu, 05 Sep 2002 04:02:04 -0300 > > >Security Violations >=-=-=-=-=-=-=-=-=-= >Sep 5 03:18:04 home -- root[10079]: ROOT LOGIN ON tty1 >Sep 4 04:50:05 home postfix/qmgr[1643]: 01C5F8AEF3: >from=<[EMAIL PROTECTED]>, size=23291, nrcpt=1 >(queue active) >Sep 4 07:03:10 home postfix/cleanup[17463]: 6855B8AEF5: >message-id=<038901c253f8$66fbad80$7a0aa8c0@HOC0105> >Sep 4 08:40:36 home postfix/qmgr[1643]: 4292C8AEF3: >from=<[EMAIL PROTECTED]>, size=27856, nrcpt=1 >(queue active) >Sep 4 12:58:55 home postfix/qmgr[1643]: 5781F8AEF3: >from=<[EMAIL PROTECTED]>, size=29357, nrcpt=1 >(queue active) >Sep 4 16:34:40 home postfix/qmgr[1643]: AAA8A8AEF7: >from=<[EMAIL PROTECTED]>, size=11719, nrcpt=1 >(queue active) >Sep 4 17:26:04 home postfix/cleanup[18630]: 6F0978AEF7: >message-id=<[EMAIL PROTECTED]> >Sep 4 23:05:31 home postfix/qmgr[1643]: 728568AEF4: >from=<[EMAIL PROTECTED]>, size=30654, nrcpt=1 >(queue active) > > > >-- >========================================================== >Linux user # 102240 => Machine # 96125 => Seti@home user >========================================================== > > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
