On Fri, 11 Apr 2003 12:04:29 GMT, rsina spoketh
>On RedHat 9, root gets daily email from Logwatch reporting on various
>security issues. That's very useful for me, since I am my own system admin
>but don't know much about security (don't have important files on the
>machine anyway). There is a section on the Logwatch that reports on
>sendmail issues. I have an entry that states a relaying was denied. Does
>the logwatch also report when relaying is allowed? For me that is more
>important to know.
>I have the updated (security bug fixed) version of sendmail installed and
>obviously have smtp enabled. What is the best way to make sure no relaying
>is ever accepted?
No, logwatch does not report on relaying allowed (by default). Logwatch
reports on "errors" (with regards to sendmail at least).
Since all (successful) mail deliveries are considered relays, there's no
special message logged for specifically allowed relays other than the
normal success message in the log file.
You can write your own additions for the logwatch sendmail module to
have it report other things, including (possibly) the relays you are
allowing. You're going to have to find a regular expression that'll
match all the relays you are allowing, and collect them ...
Lars M. Hansen
(replace 'badnews' with 'news' in e-mail address)