Logs and how to read them
Mike Rambour
mikey at b2systems.com
Wed Apr 21 22:32:36 UTC 2004
At 03:06 PM 4/21/2004, you wrote:
>What tells you that these two independent maillog entries were relay
>attempts? They are incomplete, at least incomplete pasted. If you want
>to investigate you must search the maillog for the queue ID and not the
>sendmail PID: so search for "MAA01067" and "MAA01214" and not
>"sendmail[1067]" or "sendmail[1214]". But I am very doubtful that both
I am not sure there were relay attempts. They were not incompletely
pasted; they were complete, and there are NO other lines in /var/log/maillog
to correspond to them. Most items in maillog have 2 lines for each PID,
but I have maybe a dozen that only have one line; I posted only 2 examples
of those. It is because those are different that I am concerned they are
relayed; they may not be. As I mentioned, I am a newbie thrown into this
by my boss due to a departing system manager. When I picked this
responsibility up (with protest), I found that we were running an un-updated
Fedora; it took 2 days to get updated. I am now enjoying this process of
searching and looking for answers. This is FUN, a lot more than what I was
doing for this company.
>As advised by Peter you better ask your ISP for details of the SPAM
>report.
I have asked but not received these yet.
>Are you running Apache on the mailserver too? If yes you might have a
>misusable formmail on it through which foreign people can send SPAM.
There is Apache running but no formmail or the like; only one form sends
mail through a PERL program, and it sends mail to me only and writes a log
file.
>http://spamlinks.openrbl.org/tools-relay.htm
Didn't know about the spamlinks one, ran the other 2.
Thanks for the help
mike
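
The advice quoted above, to follow a message by its queue ID rather than by the sendmail PID, as an added example that is not part of the original post: a Python script that groups maillog lines by queue ID and reports the IDs that have only one line. The sample log lines, host names and queue IDs are constructed, and the layout is assumed to be sendmail's usual `sendmail[PID]: QUEUEID: field=value, ...` form.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail's maillog layout (not taken from the thread).
SAMPLE_MAILLOG = """\
Apr 21 12:00:01 mail sendmail[2001]: MAA02001: from=<alice@example.com>, size=812, class=0, nrcpts=1, proto=ESMTP, relay=client.example.com [192.0.2.10]
Apr 21 12:00:02 mail sendmail[2003]: MAA02001: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.5], stat=Sent (ok)
Apr 21 12:05:10 mail sendmail[2050]: MAA02050: from=<x@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, relay=host.example.net [203.0.113.7]
Apr 21 12:06:30 mail sendmail[2077]: MAA02077: ruleset=check_rcpt, arg1=<c@example.org>, relay=host.example.net [203.0.113.7], reject=550 5.7.1 <c@example.org>... Relaying denied
"""

# PID in brackets, then the queue ID; 8-14 characters skips the NOQUEUE marker.
LINE_RE = re.compile(r"sendmail\[(\d+)\]: ([A-Za-z0-9]{8,14}): (.*)")

def group_by_queue_id(text):
    """Map each queue ID to its entries as (pid, kind, rest) tuples."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, qid, rest = m.groups()
        kind = ("from" if rest.startswith("from=") else
                "to" if rest.startswith("to=") else
                "reject" if "reject=" in rest else "other")
        groups[qid].append((int(pid), kind, rest))
    return dict(groups)

def field(rest, name):
    """Return the value of a name=value field from a log entry, or None."""
    m = re.search(r"(?:^|, )" + re.escape(name) + r"=([^,]*)", rest)
    return m.group(1) if m else None

def single_line_report(text):
    """Describe the queue IDs that have exactly one log line."""
    report = {}
    for qid, entries in group_by_queue_id(text).items():
        if len(entries) == 1:
            pid, kind, rest = entries[0]
            report[qid] = {"pid": pid, "kind": kind, "nrcpts": field(rest, "nrcpts"),
                           "relay": field(rest, "relay"), "reject": field(rest, "reject")}
    return report

if __name__ == "__main__":
    for qid, info in single_line_report(SAMPLE_MAILLOG).items():
        print(qid, info)
```

In the constructed sample the from= and to= lines of MAA02001 carry different PIDs, which is why grouping on the PID would split one message into two apparent single-line entries.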