Joachim Vorrath wrote: > Hi All, > > How can i fix that? > > > OSSEC HIDS Notification. > > 2008 May 15 19:05:10 > > > > Received From: www->/var/log/maillog > > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." > > Portion of the log(s): > > > > May 15 19:05:09 www smf-sav[12380]: sender check tempfailed: > <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>>, 78.162.69.28, > [78.162.69.28], [00:01:00] > > > > In sendmail_rules.xml there was a part for it > <!-- Rules for SMF-SAV --> > rule 3190 and 3191 > also a part in decoder.xml > but in my opinion it's only for 'sender check failed' > not for 'sender check tempfailed'! > > > I'm running OSSEC 1.5 local. > > > > cheers, > > Jochen > > > > ______________________________________ > XamimeLT - installed on mailserver for domain at vorrath-net.de > Queries to: postmaster at vorrath-net.de
You might find rule 1002 in syslog_rules.xml (The rule triggering the alert) helpful. I assume by fixing it you want to make the alerts go away. If that is the case the following link should be helpful. http://www.ossec.net/wiki/index.php/Know_How:Email_Alerts_below_7 Rob
