On Fri, 11 Apr 2003 12:04:29 GMT, rsina spoketh
>Hi all,
>On RedHat 9, root gets daily email from Logwatch reporting on various
>security issues. That's very useful for me, since I am my own system admin
>but don't know much about security (don't have important files on the
>machine anyway). There is a section on the Logwatch that reports on
>sendmail issues. I have an entry that states a relaying was denied. Does
>the logwatch also report when relaying is allowed? For me that is more
>important to know.
>I have the updated (security bug fixed) version of sendmail installed and
>obviously have smtp enabled. What is the best way to make sure no relaying
>is ever accepted?
>Thanks.
No, logwatch does not report on relaying allowed (by default). Logwatch
reports on "errors" (with regards to sendmail at least).
Since all (successful) mail deliveries are considered relays, there's no
special message logged for specifically allowed relays other than the
normal success message in the log file.
You can write your own additions for the logwatch sendmail module to
have it report other things, including (possibly) the relays you are
allowing. You're going to have to find a regular expression that'll
match all the relays you are allowing, and collect them ...
Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
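
The matching the reply describes, sketched as an added example (not part of the original post and not a Logwatch module): a stand-alone Python script that pairs sendmail's `from=` and `to=` log lines by queue ID and lists messages accepted from a non-trusted client and delivered onward through a remote mailer. The log lines are constructed, and the `TRUSTED_CLIENTS` set and the function name are assumptions to adapt to your own host.

```python
import re

# Constructed sample in sendmail's syslog format (not real log data).
SAMPLE_LOG = """\
Apr 11 04:02:11 mail sendmail[2101]: h3B82Bx02101: from=<alice@example.org>, size=812, class=0, nrcpts=1, msgid=<a1@example.org>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Apr 11 04:02:12 mail sendmail[2103]: h3B82Bx02101: to=<bob@example.net>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30812, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (OK)
Apr 11 05:10:40 mail sendmail[2250]: h3B9AeX02250: from=<x@example.com>, size=1500, class=0, nrcpts=1, msgid=<b2@example.com>, proto=SMTP, daemon=MTA, relay=[203.0.113.9]
Apr 11 05:10:42 mail sendmail[2252]: h3B9AeX02250: to=<dave@example.net>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=31500, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (OK)
Apr 11 06:00:01 mail sendmail[2300]: h3BA01x02300: from=<carol@example.com>, size=900, class=0, nrcpts=1, msgid=<c3@example.com>, proto=ESMTP, daemon=MTA, relay=mx.example.com [192.0.2.25]
Apr 11 06:00:02 mail sendmail[2301]: h3BA01x02300: to=<user@mail.example.org>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30900, dsn=2.0.0, stat=Sent
"""

# Assumption: only the machine itself may submit mail for remote delivery.
TRUSTED_CLIENTS = {"127.0.0.1"}
# sendmail mailers that hand the message to another host.
REMOTE_MAILERS = {"smtp", "esmtp", "smtp8", "dsmtp", "relay"}

LINE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): (?P<kind>from|to)=(?P<addr>.+?), (?P<rest>\w+=.*)"
)


def allowed_relays(log_text, trusted=TRUSTED_CLIENTS):
    """Return (queue id, client IP, sender, recipient) for relayed mail."""
    clients, found = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if m["kind"] == "from":
            # On a from= line, relay= names the client that handed us the mail.
            ip = re.search(r"\brelay=[^,]*\[([\d.]+)\]", rest)
            clients[qid] = (m["addr"], ip.group(1) if ip else None)
        elif qid in clients:
            mailer = re.search(r"\bmailer=(\w+)", rest)
            sent = re.search(r"\bstat=Sent\b", rest)
            sender, ip = clients[qid]
            # A client with no logged IP is treated as untrusted.
            if sent and mailer and mailer.group(1) in REMOTE_MAILERS and ip not in trusted:
                found.append((qid, ip, sender, m["addr"]))
    return found


if __name__ == "__main__":
    for hit in allowed_relays(SAMPLE_LOG):
        print("relayed:", *hit)
```

Run against the real mail log, any line it prints is a message the server passed on for an outside client, which is the case the Logwatch report does not show.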