Hi folks,

while logcheck's README.logcheck-database says that cracking.ignore.d is not enabled by default, only README.Maintainer says that packages should not install files there.

However, all mail servers I administer keep spitting stuff like this *all* *the* time:

Security Alerts
=-=-=-=-=-=-=-=
Aug 31 05:31:00 clegg postfix/smtpd[21557]: NOQUEUE: reject: RCPT from unknown[203.154.151.45]: 554 5.7.1 Service unavailable; Client host [203.154.151.45] blocked using list.dsbl.org; http://dsbl.org/listing?203.154.151.45; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<BSL4-001.globlex.com>

I don't care, and I think the entire cracking.d layer is a joke. Logcheck is not an IDS and it cannot detect ongoing attacks.

So instead of maintaining local rules for all systems I administer, I decided to leverage my role as logcheck maintainer and do something about it. And I see two solutions:

1. disable the cracking.d layer
2. duplicate countless postfix rules into cracking.ignore.d and install files there with logcheck-database

To be honest, I am much in favour of (1) and shall release logcheck 1.3 in the near future with cracking.d disabled, unless I hear some valid objections.

Cheers,

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" [EMAIL PROTECTED]

"being shot is not as bad as i always thought it might be.
as long as you can keep the fear from your mind."
-- special agent dale cooper

spamtraps: [EMAIL PROTECTED]
_______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

