Date:      Thu, 14 Dec 2006 02:03:19 +0100
From:      Armin Arh <armin@pubbox.net>
To:        Tuareg <tuaregmex@gmail.com>
Cc:        Lane <lane@joeandlane.com>, freebsd-questions@freebsd.org
Subject:   Re: how do I see security logs without turning on sendmail?
Message-ID:  <20061214010319.GB686@pubbox.net>
In-Reply-To: <7a4a15bd0612131522t2942b44bo4412d1e16c6ed2e6@mail.gmail.com>
References:  <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com> <200612131447.28141.lane@joeandlane.com> <7a4a15bd0612131436j7d289ba8h989ba4400b72a3ad@mail.gmail.com> <200612131657.18164.lane@joeandlane.com> <7a4a15bd0612131522t2942b44bo4412d1e16c6ed2e6@mail.gmail.com>

On Wed, Dec 13, 2006 at 05:22:41PM -0600, Tuareg wrote:
> Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over
> Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx)
> failed: 1
> Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137,
> class=0, nrcpts=1, msgid=<
> 200612130600.kBD602j41485@server.FreeBSD.4.6-RELEASE>, relay=root@localhost
> Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=
> [...]

Clearly sendmail is running, but not as a daemon.
It gets called for every single mail by some other process running as root.
You suspect squid to do so? (unlikely, why should a webcache send emails...)
Well, then run squid as another user and watch the logs, should
be "from=squiduser" then...

The problem with too many root processes is, you can't tell which one is going mad.

enjoy,
	Armin
-- 
PUBBOX Postmaster + spam-killer. Free email addresses at http://pubbox.net/
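
Added example, not part of the message above: one way to watch the logs as suggested, by tallying the `from=` value of every sendmail log entry whose relay is a local user, so that a service moved off root shows up under its own account. The sample lines are constructed in the format of the quoted log, and the function names and the `squiduser` account are assumptions.

```shell
#!/bin/sh
# Count locally submitted messages per sender in sendmail log lines.

# Constructed sample lines (not real log data), one log entry per line.
sample_maillog() {
cat <<'EOF'
Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137, class=0, nrcpts=1, msgid=<a@myhost>, relay=root@localhost
Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=root, delay=00:00:01, mailer=local, stat=Sent
Dec 13 03:01:00 myhost sendmail[42001]: kBD910a42001: from=root, size=512, class=0, nrcpts=1, msgid=<b@myhost>, relay=root@localhost
Dec 13 03:05:10 myhost sendmail[42050]: kBD95Ab42050: from=squiduser, size=412, class=0, nrcpts=1, msgid=<c@myhost>, relay=squiduser@localhost
Dec 13 04:00:00 myhost sendmail[42100]: kBDA00c42100: from=<someone@example.org>, size=900, class=0, nrcpts=1, msgid=<d@example.org>, relay=mail.example.org [192.0.2.10]
EOF
}

# Read log lines on stdin; print "<count> <sender>" for each from= value
# on an entry whose relay is <user>@localhost, i.e. mail handed to sendmail
# by a local process rather than received from another host.
local_senders() {
    awk '
        /sendmail\[/ && / from=/ && /relay=[^ ,]*@localhost/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^from=/) {
                    s = $i
                    sub(/^from=/, "", s)   # drop the key
                    sub(/,$/, "", s)       # drop the trailing comma
                    n[s]++
                }
        }
        END { for (s in n) print n[s], s }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host feed it the mail log,
# for example: local_senders < /var/log/maillog
sample_maillog | local_senders
```
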
