From: PATRICK CARTER
Reply-To: pcarter@jhu.edu
To: freebsd-questions@freebsd.org
Date: Thu, 20 Jul 2006 10:58:37 -0400
Subject: Security Run Output E-mail

I'm relatively new to FreeBSD (~6 months of usage) and I have been administering my own system for approximately the last 2 months. Recently my system has received many ssh login attempts on standard user accounts as someone has been attempting to break into my system. I usually read the Security Run Output e-mails to see if the attacker(s) had made any headway, and took necessary precautions (limiting ssh logins etc).

However, last week (after it seemed that the attacks had let up somewhat) I stopped receiving the e-mails (as well as the daily run output e-mails). I still read the auth.log file to see login information and it did not appear as though anyone had successfully managed to break into the system. Today both sets of e-mails started again and I received the e-mails for today and yesterday (I am still missing 5 days' worth and one weekly run output). I was wondering if anyone might know how to ensure that I continue to receive these e-mails without interruption.

If it matters (and I suspect it does) I have all my root e-mails aliased to a locked, nologin dummy account that forwards e-mail to my account, my boss' account, and retains a copy in the dummy account (.forward was not working to forward root's mail). Root's mail client is set to read the dummy account inbox as well as anything that somehow winds up in the regular root mailbox. This setup worked fine until the e-mails stopped last week (none of the listed accounts received the e-mail).

Any advice would be greatly appreciated.

--Patrick