From owner-freebsd-questions@FreeBSD.ORG Thu Dec 14 01:04:48 2006
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
    by hub.freebsd.org (Postfix) with ESMTP id A440516A4D8
    for ; Thu, 14 Dec 2006 01:04:48 +0000 (UTC)
    (envelope-from arminius@pubbox.net)
Received: from pubbox.net (pubbox.net [81.169.167.142])
    by mx1.FreeBSD.org (Postfix) with ESMTP id B55D443DF1
    for ; Thu, 14 Dec 2006 01:01:33 +0000 (GMT)
    (envelope-from arminius@pubbox.net)
Received: from e180095077.adsl.alicedsl.de ([85.180.95.77] helo=pubbox.net)
    by pubbox.net with esmtpa (Exim 4.60 (FreeBSD))
    (envelope-from ) id 1Guf03-0003H7-8c; Thu, 14 Dec 2006 02:03:03 +0100
Date: Thu, 14 Dec 2006 02:03:19 +0100
From: Armin Arh
To: Tuareg
Message-ID: <20061214010319.GB686@pubbox.net>
References: <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com>
    <200612131447.28141.lane@joeandlane.com>
    <7a4a15bd0612131436j7d289ba8h989ba4400b72a3ad@mail.gmail.com>
    <200612131657.18164.lane@joeandlane.com>
    <7a4a15bd0612131522t2942b44bo4412d1e16c6ed2e6@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7a4a15bd0612131522t2942b44bo4412d1e16c6ed2e6@mail.gmail.com>
User-Agent: Mutt/1.5.11
Sender: arminius@pubbox.net
Cc: Lane , freebsd-questions@freebsd.org
Subject: Re: how do I see security logs without turning on sendmail?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Thu, 14 Dec 2006 01:04:48 -0000

On Wed, Dec 13, 2006 at 05:22:41PM -0600, Tuareg wrote:
> Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over
> Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx)
> failed: 1
> Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137,
> class=0, nrcpts=1, msgid=<
> 200612130600.kBD602j41485@server.FreeBSD.4.6-RELEASE>, relay=root@localhost
> Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=
> [...]

clearly sendmail is running, but not as a daemon. It gets called for
every single mail by some other process running as root.

You suspect squid to do so? (unlikely, why should a webcache send
emails...) Well, then run squid as another user and watch the logs,
should be "from=squiduser" then...

The problem with too many root processes is, you can't tell which one
is going mad.

enjoy,
Armin

-- 
PUBBOX Postmaster + spam-killer.
Free email addresses at http://pubbox.net/
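
Added example, not part of the original message: one way to do the "watch the logs" check suggested in the reply, by pairing each sendmail queue ID's from= line with its to= line and tallying mail submitted locally (relay=...@localhost, as in the quoted excerpt) per submitting account. The log lines are constructed in the same format as the quoted maillog; `squiduser` is the hypothetical account name from the reply, and the function names `sample_log` and `local_mail_senders` are made up for this example.

```sh
#!/bin/sh
# Constructed sample input in sendmail syslog format (not taken from the thread).
sample_log() {
cat <<'EOF'
Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137, class=0, nrcpts=1, msgid=<constructed1@myhost>, relay=root@localhost
Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=root, delay=00:00:01, mailer=local, stat=Sent
Dec 13 00:05:00 myhost sendmail[41501]: kBD605j41501: from=squiduser, size=210, class=0, nrcpts=1, msgid=<constructed2@myhost>, relay=squiduser@localhost
Dec 13 00:05:01 myhost sendmail[41503]: kBD605j41501: to=root, delay=00:00:01, mailer=local, stat=Sent
Dec 13 01:00:02 myhost sendmail[41610]: kBD700j41610: from=root, size=140, class=0, nrcpts=1, msgid=<constructed3@myhost>, relay=root@localhost
Dec 13 01:00:03 myhost sendmail[41612]: kBD700j41610: to=root, delay=00:00:01, mailer=local, stat=Sent
Dec 13 01:10:00 myhost sendmail[41700]: kBD710j41700: from=<someone@example.org>, size=900, class=0, nrcpts=1, msgid=<constructed4@example.org>, relay=mail.example.org [192.0.2.10]
Dec 13 01:10:01 myhost sendmail[41701]: kBD710j41700: to=<root@myhost>, delay=00:00:01, mailer=local, stat=Sent
EOF
}

# Reads maillog lines on stdin, prints "count sender recipient", busiest first.
local_mail_senders() {
    awk '
    # Return the value that follows "key", up to the next comma or space.
    function field(line, key,    s) {
        if (!match(line, key "[^, ]*")) return ""
        s = substr(line, RSTART, RLENGTH)
        return substr(s, length(key) + 1)
    }
    # The queue ID is the token right after "sendmail[pid]: ".
    function qid(line,    s) {
        if (!match(line, /sendmail\[[0-9]+\]: [^: ]+:/)) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^sendmail\[[0-9]+\]: /, "", s)
        sub(/:$/, "", s)
        return s
    }
    {
        id = qid($0)
        if (id == "") next
        from = field($0, ": from=")
        relay = field($0, ", relay=")
        # Keep only local submissions; mail received over SMTP has a host relay.
        if (from != "" && relay ~ /@localhost$/) sender[id] = from
        to = field($0, ": to=")
        if (to != "" && (id in sender)) count[sender[id] " " to]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -rn
}

sample_log | local_mail_senders
```

On a live system the function would be fed the real mail log instead of `sample_log`; a service moved to its own account then shows up under that account's name rather than being folded into `root`.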