On Mar 07, 2010, Graham Murray wrote:
> I am receiving a number of undeliverable mail report for psad alerts,
> which show the failure reason:-
>
> <<< 554 5.6.1 Eight bit data not allowed
> 554 5.0.0 Service unavailable
I suspect that the 8-bit data is coming from 'whois' output of scanning
IP addresses. Sometimes the whois output contains strange data associated
with IP's in China and the like. I could have psad replace non-ascii
output with 'NA' or something on a character-by-character basis. Maybe
this could be an option that would be disabled by default though, since
others may want such data included.
One way you can see if the above theory is correct is to take a look at
the /var/log/psad//whois files. If you see one of these undeliverable
mail notices, then you can try to map it back to the IP in question by
looking in the /var/log/messages file for a scan reported by psad around
the same time.
Thanks,
--Mike
--
Download IntelĀ® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
