From: Lane
To: freebsd-questions@freebsd.org
Date: Wed, 13 Dec 2006 17:33:32 -0600
Subject: Re: how do I see security logs without turning on sendmail?

On Wednesday 13 December 2006 17:22, Tuareg wrote:
> On 12/13/06, Lane wrote:
> > Tuareg,
> >
> > Yours is a mystery.
>
> Exactly... I can't find how the server is sending the emails without
> having sendmail active.
> > Let's see the output of
>
> > tail -200 /var/log/maillog
> >
> > from the working machine.
>
> Ok, here we go....
>
> Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over
> Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx)
> failed: 1
> Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137,
> class=0, nrcpts=1, msgid=<
> 200612130600.kBD602j41485@server.FreeBSD.4.6-RELEASE>, relay=root@localhost
> Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=
> user@main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
> mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx],
> dsn=2.0.0, stat=Sent (AYP95973 Message accepted for delivery)
> Dec 13 01:00:02 myhost sendmail[41626]: gethostbyaddr(xxx.xxx.xxx.xxx)
> failed: 1
> Dec 13 01:00:03 myhost sendmail[41626]: kBD702J41626: from=root, size=137,
> class=0, nrcpts=1, msgid=<
> 200612130700.kBD702J41626@server.FreeBSD.4.6-RELEASE>, relay=root@localhost
> Dec 13 01:00:04 myhost sendmail[41629]: kBD702J41626: to=
> user@main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01,
> mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx],
> dsn=2.0.0, stat=Sent (AYM94014 Message accepted for delivery)

Tuareg,

clearly sendmail is running. That is indicated by "sendmail[41626]" in your
/var/log/sendmail log.

The question, of course, is how does it get started. The answer is still
mysterious ... unless, of course, it is being managed by squid. In that case
it might not be running as a daemon process, but could be invoked by squid
when it needs to send mail.

But I'm just guessing at this point. I really don't know enough about squid
to give you an authoritative answer.

I've got to step out for a few hours, but I'll see what I can find out on
squid and get back to you in the morning.

lane
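Added example, not part of Lane's message or the thread: a Python script that groups the sendmail entries quoted above by queue ID and reports who submitted each message, where it was relayed, which PIDs handled it, and the interval between submissions. The function names, the year default and the reading of relay=<user>@localhost as a local submission are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: the maillog entries quoted in the thread, with the mail
# client's wrapped lines rejoined. Addresses are masked as in the original.
SAMPLE = """\
Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over
Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1
Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137, class=0, nrcpts=1, msgid=<200612130600.kBD602j41485@server.FreeBSD.4.6-RELEASE>, relay=root@localhost
Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=user@main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYP95973 Message accepted for delivery)
Dec 13 01:00:02 myhost sendmail[41626]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1
Dec 13 01:00:03 myhost sendmail[41626]: kBD702J41626: from=root, size=137, class=0, nrcpts=1, msgid=<200612130700.kBD702J41626@server.FreeBSD.4.6-RELEASE>, relay=root@localhost
Dec 13 01:00:04 myhost sendmail[41629]: kBD702J41626: to=user@main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYM94014 Message accepted for delivery)
"""

ENTRY = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sendmail\[(\d+)\]: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=([^,]*)")

def summarize(text, year=2006):
    """Return one record per sendmail queue ID, in log order."""
    msgs = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # other programs, or sendmail lines with no queue ID
        when, pid, qid, rest = m.groups()
        f = {k: v.strip() for k, v in FIELD.findall(rest)}
        rec = msgs.setdefault(qid, {"qid": qid, "pids": []})
        rec["pids"].append(int(pid))
        if "from" in f:  # submission entry
            rec["submitted"] = datetime.strptime(f"{year} {when}", "%Y %b %d %H:%M:%S")
            rec["sender"] = f["from"]
            # Assumption: relay=<user>@localhost on this entry means a local
            # process handed the message to sendmail (not an SMTP connection).
            rec["local_submit"] = f.get("relay", "").endswith("@localhost")
        if "to" in f:  # delivery entry
            rec["rcpt"], rec["via"], rec["stat"] = f["to"], f.get("relay"), f.get("stat")
    return list(msgs.values())

def gaps_minutes(records):
    """Minutes between successive submissions, rounded."""
    t = [r["submitted"] for r in records if "submitted" in r]
    return [round((b - a).total_seconds() / 60) for a, b in zip(t, t[1:])]

if __name__ == "__main__":
    recs = summarize(SAMPLE)
    for r in recs:
        print(r["qid"], r["sender"], "->", r.get("rcpt"), "pids", r["pids"], "local" if r["local_submit"] else "smtp")
    print("gaps (min):", gaps_minutes(recs))
```

Run against a real /var/log/maillog by passing the file's contents to summarize() in place of SAMPLE.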