Bug#319547: [Logcheck-devel] Bug#319547: Legitime email addresses causes (false) "Security Events"

[Jamie L. Penman-Smithson]

reassign 319547 sendmail-base
thanks!

Hey Rainer,

On 24 Jul 2005, at 12:11, Rainer Zocholl wrote:
> debian at sternwelten.at(maximilian attems)  23.07.05 17:48
>> On Sat, 23 Jul 2005, Rainer Zocholl wrote:
>
>>>> from time to time i get such (false) "Security Event".
>>>
>>> Seems to become common practice :-(
>>>
>>> Again an "security event", i assume "promiscuous" in msgid
>>> triggered.
>>>
>>> Jul 23 14:46:26 host sm-mta[25759]: j6NCkQTS025759:
>>> from=<maldivedahomeyretort at mauimail.com>, size=16186, class=0,
>>> nrcpts=1, msgid=<perchance4123456.benz at promiscuous.17.parlance.net>,
>>> proto=ESMTP, daemon=MTA, relay=...
<snip snip>
>> sorry in that case you have to craft your own rules in local-sm-mta
>> inside of violations.ignore.d.
>> guess we can close that "bug" unless other evidence appears.
>
> No, most other such message are suppressed(see rule above)
> Only if the addresse, message IDs etc. contians
> "violation trigger words" a -false- security event is generated.
> That would allow a third party to generate any amount of false
> security events or annoy the postmaster with false positives.
> I assume that will be a possible problem with exim, postfix MTA too,
> as long as logcheck scan these logs.
> Maybe it should be assigned as a sendmail bug?

The sendmail rules for logcheck are provided by the sendmail-base  
package. I'm reassigning.

Thanks,

-j

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060425/9e3a9477/attachment.pgp