Bug#319547: [Logcheck-devel] Bug#319547: Legitime email addresses causes (false) "Security Events"
Jamie L. Penman-Smithson
jamie at silverdream.org
Tue Apr 25 22:31:39 UTC 2006
reassign 319547 sendmail-base
On 24 Jul 2005, at 12:11, Rainer Zocholl wrote:
> debian at sternwelten.at(maximilian attems) 23.07.05 17:48
>> On Sat, 23 Jul 2005, Rainer Zocholl wrote:
>>>> from time to time i get such (false) "Security Event".
>>> Seems to become common practice :-(
>>> Again an "security event", i assume "promiscuous" in msgid
>>> Jul 23 14:46:26 host sm-mta: j6NCkQTS025759:
>>> from=<maldivedahomeyretort at mauimail.com>, size=16186, class=0,
>>> nrcpts=1, msgid=<perchance4123456.benz at promiscuous.17.parlance.net>,
>>> proto=ESMTP, daemon=MTA, relay=...
>> sorry in that case you have to craft your own rules in local-sm-mta
>> inside of violations.ignore.d.
>> guess we can close that "bug" unless other evidence appears.
> No, most other such message are suppressed(see rule above)
> Only if the addresse, message IDs etc. contians
> "violation trigger words" a -false- security event is generated.
> That would allow a third party to generate any amount of false
> security events or annoy the postmaster with false positives.
> I assume that will be a possible problem with exim, postfix MTA too,
> as long as logcheck scan these logs.
> Maybe it should be assigned as a sendmail bug?
The sendmail rules for logcheck are provided by the sendmail-base
package. I'm reassigning.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060425/9e3a9477/attachment.pgp
More information about the Logcheck-devel