[Logcheck-devel] Bug#443908: /etc/logcheck/ignore.d.server/bind: [bind] unexpected RCODE (NOTIMP)
Justin Pryzby
jpryzby+d at quoininc.com
Tue Sep 25 03:36:05 UTC 2007
On Mon, Sep 24, 2007 at 11:09:10PM -0400, Frédéric Brière wrote:
> On Mon, Sep 24, 2007 at 06:55:34PM -0400, Justin Pryzby wrote:
> > Aren't some of these worth reporting? eg. REFUSED and NOTAUTH are
> > probably okay for a workstation.
>
> But regardless of whether that would be better or not, you can't let
> them through at workstation level without opening the floodgates at
> server level, can you?
I meant that I thought it was okay to *filter out* (not pass) REFUSED
and NOTAUTH on a workstation but that they shouldn't be filtered on a
server. Worstation filtering is a superset of server filtering (fewer
messages are passed).
> > The bind message says "Unexpected" so should these really be filtered?
>
> Short answer: I would argue so. (But see below.)
>
> Long answer: These error messages indicate a misconfiguration of someone
> else's server. What typically happens is that a spammer sends his crap
Okay, I think I'm convinced.
Thanks
Justin
More information about the Logcheck-devel
mailing list