If the relays are in your relay table, its not a security violation. However, if the relays are not in your relay table, it most certainly is unauthorized access to your server.
Logcheck doesn't know the difference. Kevin ----- Original Message ----- From: "P Ferwerda" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 24, 2001 3:30 PM Subject: [cobalt-security] stat=Sent (Requested mail action okay, completed) > I recently turned on logcheck for the first time and am getting the following security violations. It isn't clear to me why they are security violations. Should I be shutting this access off in some fashion? > > Thanks, > Paul > > > >Security Violations > >=-=-=-=-=-=-=-=-=-= > >Oct 24 08:48:29 www sendmail[4114]: IAA04112: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, relay=mc1.law5.hotmail.com. [64.4.55.71], stat=Sent (Requested mail action okay, completed) > >Oct 24 10:23:28 www sendmail[8331]: KAA08329: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp, relay=mailin-03.mx.aol.com. [205.188.156.186], stat=Sent (OK) > >Oct 24 10:23:40 www sendmail[8389]: KAA08387: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:06, xdelay=00:00:06, mailer=esmtp, relay=mailin-03.mx.aol.com. [205.188.156.186], stat=Sent (OK) > >Oct 24 10:23:45 www sendmail[8392]: KAA08390: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:11, xdelay=00:00:11, mailer=esmtp, relay=mc7.law5.hotmail.com. [64.4.42.7], stat=Sent (Requested mail action okay, completed) > >Oct 24 10:23:46 www sendmail[8334]: KAA08332: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:29, xdelay=00:00:29, mailer=esmtp, relay=mc3.law13.hotmail.com. [64.4.49.135], stat=Sent (Requested mail action okay, completed) > >Oct 24 10:24:01 www sendmail[8474]: KAA08472: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mc7.law13.hotmail.com. [65.54.232.7], stat=Sent (Requested mail action okay, completed) > >Oct 24 10:24:01 www sendmail[8471]: KAA08469: [EMAIL PROTECTED], ctladdr=httpd (15/11), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mailin-01.mx.aol.com. [64.12.136.57], stat=Sent (OK) > > > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
