some questions i've been meaning to ask for a while...

1. when a logging request is handled and matched by a rule, does logging end there (as with procmail) or does it continue for further logging? in other words, in this example:

    *.emerg       *
    mail.emerg    /var/log/mail.emerg

do mail emergencies get forwarded to all logged in users AND get logged to a file? or do they just get forwarded to all logged in users?

2. is there any way to determine the facility log level of a message? for instance, once this message got logged:

    Jul 25 10:29:06 satan lpd[17559]: satan requests printjob lp

were the facility and log level irretrievably lost? in this example, the facility is lpr, not lpd (there's no lpd facility). and the level is probably "info" or something like that. it would be useful to know for sure.

3. i wrapped exim with tcpd so i can use hosts.deny to "blackhole" domains that constantly spam. that means i get logs in daemon.log like:

    Jul 29 09:18:19 satan exim[26553]: connect from murphy.debian.org
    Jul 25 09:06:58 satan exim[15324]: refused connect from 218.5.148.246

every time anybody makes an SMTP connection. i really don't want to see this. i believe that even though it says "exim", tcpd is doing the actual logging. and since it's a tcpd refusal/acceptance, these messages are no different, in principle, from messages saying that some hacker is trying to connect with portmap, or lucifer is trying to mount an NFS partition from satan.

my gut feeling is that i can't stop these exim messages. i'm hoping i'm wrong. any ideas?

thanks,
pete

--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
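
An added example, not part of the original post: a minimal Python model of how a classic syslogd (sysklogd/BSD style) evaluates syslog.conf, applied to the two rules quoted in question 1. It assumes the standard semantics that every rule line is checked for each message and that a plain level matches that level and anything more severe; the function names are hypothetical and only single `facility.level` selectors are handled.

```python
# Added example: a small model of classic syslogd selector matching.
# Severity names ordered from least to most severe.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# The two rules quoted in the post, as (selector, action) pairs.
RULES = [
    ("*.emerg", "*"),                        # "*" action: all logged-in users
    ("mail.emerg", "/var/log/mail.emerg"),
]


def selector_matches(selector, facility, level):
    """Return True if one 'facility.level' selector matches the message."""
    sel_facility, sel_level = selector.split(".", 1)
    if sel_facility != "*" and facility not in sel_facility.split(","):
        return False
    if sel_level == "none":
        return False
    if sel_level == "*":
        return True
    if sel_level.startswith("="):            # sysklogd extension: exact level
        return level == sel_level[1:]
    # Plain level: matches this level and everything more severe.
    return LEVELS.index(level) >= LEVELS.index(sel_level)


def actions_for(facility, level, rules=RULES):
    """Evaluate every rule (no first-match stop) and collect the actions."""
    return [action for selector, action in rules
            if selector_matches(selector, facility, level)]


if __name__ == "__main__":
    # Constructed sample messages, given as (facility, level).
    for msg in [("mail", "emerg"), ("lpr", "emerg"), ("mail", "info")]:
        print(msg, "->", actions_for(*msg))
```
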
