On Mar 07, 2010, Graham Murray wrote: > I am receiving a number of undeliverable mail report for psad alerts, > which show the failure reason:- > > <<< 554 5.6.1 Eight bit data not allowed > 554 5.0.0 Service unavailable
I suspect that the 8-bit data is coming from 'whois' output of scanning IP addresses. Sometimes the whois output contains strange data associated with IP's in China and the like. I could have psad replace non-ascii output with 'NA' or something on a character-by-character basis. Maybe this could be an option that would be disabled by default though, since others may want such data included. One way you can see if the above theory is correct is to take a look at the /var/log/psad/<IP>/whois files. If you see one of these undeliverable mail notices, then you can try to map it back to the IP in question by looking in the /var/log/messages file for a scan reported by psad around the same time. Thanks, --Mike ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ psad-discuss mailing list psad-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/psad-discuss
