[Logcheck-devel] Bug#319547: Legitime email addresses causes (false) "Security Events"
Rainer Zocholl
UseNet-Posting-Nospam-74308- at zocki.toppoint.de
Fri Jul 22 23:22:00 UTC 2005
Package: logcheck
Version: 1.2.39
Hello
from time to time i get such (false) "Security Event".
after a while you will see the
message-ID "ZYNEgi0Z1.bKYuiJRtHC2 at illegal2.msn.com"
containing the nagic word "illegal"...
Question:
Can't that be abused for DoS or logfile floodding because it's
only to the sender to use "trigger words", not only in hosts but
in mail from too?
Of cause i could defined violation ignores, but i think that's
a more general problem, or?
Security Events
=-=-=-=-=-=-=-=
Jul 22 23:00:35 host sm-mta[13658]: j6ML0Z8M013658: from=<levulose at rr.com>,
size=1586, class=0, nrcpts=1, msgid=<ZYNEgi0Z1.bKYuiJRtHC2 at illegal2.msn.com>,
proto=ESMTP, daemon=MTA, relay=xxxxx [nnn.nnn.nnn.]
More information about the Logcheck-devel
mailing list