From owner-freebsd-questions  Sun Apr  6 04:55:19 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id EAA18066
          for questions-outgoing; Sun, 6 Apr 1997 04:55:19 -0700 (PDT)
Received: from mixcom.mixcom.com (mixcom.mixcom.com [198.137.186.100])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id EAA18061
          for <freebsd-questions@freebsd.org>; Sun, 6 Apr 1997 04:55:16 -0700 (PDT)
Received: by mixcom.mixcom.com (8.6.12/2.2)
	   id GAA20610; Sun, 6 Apr 1997 06:55:43 -0500
Received: from p75.mixcom.com(198.137.186.25) by mixcom.mixcom.com via smap (V1.3)
	id sma020603; Sun Apr  6 11:55:28 1997
Message-Id: <3.0.32.19970406064908.00bec648@mixcom.com>
X-Sender: sysop@mixcom.com
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Sun, 06 Apr 1997 06:49:09 -0500
To: jadeite <jadeite@light.pomona.edu>
From: "Jeffrey J. Mountin" <sysop@mixcom.com>
Subject: Re: loggin mail port
Cc: freebsd-questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At 03:55 PM 4/5/97 -0800, jadeite wrote:
>	I'm trying to keep track of people logging into port 25.  I had
>syslog.conf report the following facilities:
>kern.*;lpr.*;mail.*;daemon.*;auth.* but I'm still not informed of telnets
>to port 25.  In fact the only clue I have is that when I do MAIL FROM: in
>smtp I'm told that /etc/aliases.db is out of date (I don't have such a
>file, only /etc/aliases, so this is could be an indication that I have
>another problem).  So, is there something in sendmail.cf that I need to
>configured so I'll know when someone telnets to port 25, or did I
>configure syslog.conf wrong?

Unless mail is sent, there will be no log.  SMTP logs under mail.info and
is usually /var/log/maillog and is all you really need.

We run a proxy and we don't see telnet connects to the port in the log.  I
can't see any reason why to log this.  If nothing is sent this should not
be a problem.

I'd imagine you could hack sendmail, so when the socket is created it would
log to mail.notice, but then how will you tell if it was a normal SMTP
transaction or a telnet?  Question for hackers I guess.

As for the out of date aliases.db, you are supposed to do a 'newaliases'
when you change the alias file.


-------------------------------------------
Jeff Mountin - System/Network Administrator
jeff@mixcom.net

MIX Communications
Serving the Internet since 1990