On 18 May 2001, Mark Delany wrote:
> > The log portion I supplied is indicative of all of the stuff
> > related to the aol mail. The PID associated with those messages was not
> > there when I became aware of what was happening, so I can't definitively
> > trace it.
>
> UID != PID

Sorry, I was distracted. The UID was for apache, further evidence
that this was done through a formmail script.

> And, er, qmail-send (with UID) and (tcpserver with PID)
> unconditionally log their UID and PID, so what exactly do you mean by
> "was not there"?

I do not seem to have any tcpserver logs, except for my RBL setup.
Here's the tcpserver invocation:

    tcpserver -p -x /etc/tcpserver/tcp.smtp.cdb -u 301 -g 300 0 smtp \
        /usr/local/bin/rblsmtpd \
        -rrbl.maps.vix.com \
        -rinputs.orbs.org \
        -routputs.orbs.org \
        -rspamsources.orbs.org \
        -rspamsource-netblocks.orbs.org \
        -runtestable-netblocks.orbs.org \
        -rmanual.orbs.org \
        -rdialups.mail-abuse.org \
        -rrbl.rope.net \
        /var/qmail/bin/qmail-smtpd 2>&1 \
        | setuidgid qmaill tai64n | setuidgid qmaill tai64nlocal \
        | setuidgid qmaill multilog +\* /var/log/rbl &

> But, AOL doesn't help matters as their bounces don't return any
> original header information, blah.

So I've noticed...

--
Roger Walker <http://www.rat-hole.com>
Voice/Fax 1-780-440-2685 <http://www.man-from-linux.com>
"HIS Pain; YOUR Gain" <http://www.rope.net>
<http://www.rope.net/signature.html>
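
Added example, not part of the original message: since qmail-send records the injecting UID on every "info msg" line, the thread's formmail theory can be checked by listing each message queued under the web server's UID together with its recipients. The log lines, addresses, the UID value 48 and the function name are constructed for illustration.

```python
import re

# qmail-send line formats (the tai64n timestamp prefix is ignored).
INFO = re.compile(r"info msg (\d+): bytes (\d+) from <([^>]*)> qp (\d+) uid (\d+)")
START = re.compile(r"starting delivery \d+: msg (\d+) to (?:local|remote) (\S+)")
END = re.compile(r"end msg (\d+)")

APACHE_UID = 48  # assumption: the web server's UID on this host

# Constructed sample log; addresses, qp values and timestamps are made up.
SAMPLE_LOG = """\
@400000003b05a1c00a000000 new msg 4711
@400000003b05a1c00a000001 info msg 4711: bytes 1820 from <anonymous@www.example.org> qp 9001 uid 48
@400000003b05a1c00a000002 starting delivery 1: msg 4711 to remote user1@aol.example
@400000003b05a1c00a000003 starting delivery 2: msg 4711 to remote user2@aol.example
@400000003b05a1c10a000000 delivery 1: success: accepted
@400000003b05a1c10a000001 delivery 2: success: accepted
@400000003b05a1c10a000002 end msg 4711
@400000003b05a1c20a000000 new msg 4711
@400000003b05a1c20a000001 info msg 4711: bytes 640 from <alice@example.org> qp 9010 uid 501
@400000003b05a1c20a000002 starting delivery 3: msg 4711 to local bob@example.org
@400000003b05a1c20a000003 delivery 3: success: did_1+0+0/
@400000003b05a1c20a000004 end msg 4711
"""

def injected_by_uid(lines, uid):
    """Return a record (with recipients) for each message queued by `uid`."""
    live = {}   # queue msg number -> record; numbers are reused after "end msg"
    found = []
    for line in lines:
        if m := INFO.search(line):
            msg, size, sender, qp, msg_uid = m.groups()
            live.pop(msg, None)  # a new info line supersedes any stale entry
            if int(msg_uid) == uid:
                rec = {"msg": int(msg), "bytes": int(size), "from": sender,
                       "qp": int(qp), "rcpts": []}
                live[msg] = rec
                found.append(rec)
        elif m := START.search(line):
            if m.group(1) in live:
                live[m.group(1)]["rcpts"].append(m.group(2))
        elif m := END.search(line):
            live.pop(m.group(1), None)
    return found

if __name__ == "__main__":
    for rec in injected_by_uid(SAMPLE_LOG.splitlines(), APACHE_UID):
        print(rec)
```

Queue message numbers are reused once a message ends, so recipients are attributed only while the matching "info msg" entry is still live.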