how do I see security logs without turning on sendmail?

Lane lane at joeandlane.com
Wed Dec 13 15:32:58 PST 2006 

On Wednesday 13 December 2006 17:22, Tuareg wrote:
> On 12/13/06, Lane <lane at joeandlane.com> wrote:
> > Tuareg,
> >
> > Yours is a mystery.
>
> Exactly... I  can't  find how the server is sending the emails without
> having sendmail active.
>
> Let's see the output of
>
> > tail -200 /var/log/maillog
> >
> > from the working machine.
>
> Ok, here we go....
>
> Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over
> Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx)
> failed: 1
> Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137,
> class=0, nrcpts=1, msgid=<
> 200612130600.kBD602j41485 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
> Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=
> user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
> mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx],
> dsn=2.0.0, stat=Sent (AYP95973 Message accepted for delivery)
> Dec 13 01:00:02 myhost sendmail[41626]: gethostbyaddr(xxx.xxx.xxx.xxx)
> failed: 1
> Dec 13 01:00:03 myhost sendmail[41626]: kBD702J41626: from=root, size=137,
> class=0, nrcpts=1, msgid=<
> 200612130700.kBD702J41626 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
> Dec 13 01:00:04 myhost sendmail[41629]: kBD702J41626: to=
> user at main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01,
> mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx],
> dsn=2.0.0, stat=Sent (AYM94014 Message accepted for delivery)

Tuareg,

clearly sendmail is running.  That is indicated by "sendmail[41626]" in 
your /var/log/sendmail log.

The question, of course, is how does it get started.  The answer is still 
mysterious ... unless, of course, it is being managed by squid.  In that case 
it might not be running as a daemon process, but could be invoked by squid 
when it needs to send mail.  

But I'm just guessing at this point.  I really don't know enough about squid 
to give you an authoritative answer.

I've got to step out for a few hours, but I'll see what I can find out on 
squid and get back to you in the morning.

lane

More information about the freebsd-questions mailing list