From owner-freebsd-questions@FreeBSD.ORG Thu Jul 20 02:12:53 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 662FF16A4E2 for ; Thu, 20 Jul 2006 02:12:53 +0000 (UTC) (envelope-from ml@t-b-o-h.net) Received: from vjofn.tucs-beachin-obx-house.com (vjofn.tucs-beachin-obx-house.com [204.107.90.128]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD7BD43D53 for ; Thu, 20 Jul 2006 02:12:52 +0000 (GMT) (envelope-from ml@t-b-o-h.net) Received: (from tbohml@localhost) by vjofn.tucs-beachin-obx-house.com (8.12.9/8.12.9) id k6K2Cpro008129; Wed, 19 Jul 2006 22:12:51 -0400 (EDT) From: Tuc at T-B-O-H Message-Id: <200607200212.k6K2Cpro008129@vjofn.tucs-beachin-obx-house.com> To: darek@nyi.net (Darek M) Date: Wed, 19 Jul 2006 22:12:51 -0400 (EDT) In-Reply-To: <44BD9E84.1030905@nyi.net> from "Darek M" at Jul 18, 2006 10:52:52 PM X-Mailer: ELM [version 2.5 PL6] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: "Tuc at T-B-O-H.NET" , freebsd-questions@freebsd.org Subject: (SOLVED) nologin: Attempted login by root on UNKNOWN X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jul 2006 02:12:53 -0000 > You'll have to figure out how that person is getting access as > apparently they are reaching the box. > Hi, Turns out has NOTHING to do with someone trying to hack the box. I narrowed it down to every time there was a "clean" message from SpamAssassin I would get the message. I put : SHELL=/bin/sh at the top of all the users .procmailrc and it hasn't appeared since. Thanks to everyone who emailed on and off list! Tuc/TBOH