how do I see security logs without turning on sendmail?

Tuareg tuaregmex at gmail.com
Wed Dec 13 15:22:45 PST 2006


On 12/13/06, Lane <lane at joeandlane.com> wrote:
>
> Tuareg,
>
> Yours is a mystery.


Exactly... I can't find how the server is sending the emails without
having sendmail active.

> Let's see the output of
>
> tail -200 /var/log/maillog
>
> from the working machine.


Ok, here we go....

Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over
Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612130600.kBD602j41485 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYP95973 Message accepted for delivery)
Dec 13 01:00:02 myhost sendmail[41626]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 01:00:03 myhost sendmail[41626]: kBD702J41626: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612130700.kBD702J41626 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 01:00:04 myhost sendmail[41629]: kBD702J41626: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYM94014 Message accepted for delivery)
Dec 13 02:00:01 myhost sendmail[41741]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 02:00:01 myhost sendmail[41741]: kBD801C41741: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612130800.kBD801C41741 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 02:00:02 myhost sendmail[41744]: kBD801C41741: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYQ08859 Message accepted for delivery)
Dec 13 03:00:01 myhost sendmail[41850]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 03:00:02 myhost sendmail[41850]: kBD901x41850: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612130900.kBD901x41850 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 03:00:03 myhost sendmail[41853]: kBD901x41850: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYX97507 Message accepted for delivery)
Dec 13 04:00:01 myhost sendmail[41954]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 04:00:01 myhost sendmail[41954]: kBDA01S41954: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612131000.kBDA01S41954 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 04:00:02 myhost sendmail[41957]: kBDA01S41954: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYN10182 Message accepted for delivery)
Dec 13 05:00:01 myhost sendmail[42057]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 05:00:02 myhost sendmail[42057]: kBDB01842057: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612131100.kBDB01842057 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 05:00:03 myhost sendmail[42060]: kBDB01842057: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYY07081 Message accepted for delivery)
Dec 13 06:00:01 myhost sendmail[42160]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 06:00:01 myhost sendmail[42160]: kBDC01p42160: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612131200.kBDC01p42160 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 06:00:02 myhost sendmail[42163]: kBDC01p42160: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYQ28469 Message accepted for delivery)
Dec 13 07:00:02 myhost sendmail[42257]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 07:00:02 myhost sendmail[42257]: kBDD02342257: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612131300.kBDD02342257 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 07:00:03 myhost sendmail[42260]: kBDD02342257: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYY16076 Message accepted for delivery)
Dec 13 08:00:03 myhost sendmail[42364]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 08:00:03 myhost sendmail[42364]: kBDE03W42364: from=root, size=136,
class=0, nrcpts=1, msgid=<
200612131400.kBDE03W42364 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 08:00:05 myhost sendmail[42367]: kBDE03W42364: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:02,
mailer=esmtp, pri=30136, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYQ38182 Message accepted for delivery)
Dec 13 09:00:01 myhost sendmail[42461]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 09:00:01 myhost sendmail[42461]: kBDF01U42461: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612131500.kBDF01U42461 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 09:00:02 myhost sendmail[42464]: kBDF01U42461: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYY26346 Message accepted for delivery)
Dec 13 10:00:02 myhost sendmail[42576]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 10:00:02 myhost sendmail[42576]: kBDG02i42576: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612131600.kBDG02i42576 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 10:00:03 myhost sendmail[42579]: kBDG02i42576: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYQ48491 Message accepted for delivery)
Dec 13 11:00:02 myhost sendmail[42704]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 11:00:02 myhost sendmail[42704]: kBDH02T42704: from=root, size=136,
class=0, nrcpts=1, msgid=<
200612131700.kBDH02T42704 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 11:00:03 myhost sendmail[42707]: kBDH02T42704: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30136, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYQ55071 Message accepted for delivery)
Dec 13 12:00:01 myhost sendmail[42831]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 12:00:02 myhost sendmail[42831]: kBDI01Z42831: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612131800.kBDI01Z42831 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 12:00:04 myhost sendmail[42834]: kBDI01Z42831: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:02,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYY46161 Message accepted for delivery)
Dec 13 13:00:04 myhost sendmail[42960]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 13:00:04 myhost sendmail[42960]: kBDJ04Q42960: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612131900.kBDJ04Q42960 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 13:00:07 myhost sendmail[42963]: kBDJ04Q42960: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:03,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (BAQ62230 Message accepted for delivery)
Dec 13 14:00:01 myhost sendmail[43094]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 14:00:01 myhost sendmail[43094]: kBDK01143094: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612132000.kBDK01143094 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 14:00:02 myhost sendmail[43097]: kBDK01143094: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (BAQ70563 Message accepted for delivery)
Dec 13 15:00:02 myhost sendmail[43227]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 15:00:02 myhost sendmail[43227]: kBDL02q43227: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612132100.kBDL02q43227 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 15:00:03 myhost sendmail[43230]: kBDL02q43227: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYQ87242 Message accepted for delivery)
Dec 13 16:00:02 myhost sendmail[43362]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 16:00:02 myhost sendmail[43362]: kBDM02G43362: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612132200.kBDM02G43362 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 16:00:03 myhost sendmail[43365]: kBDM02G43362: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYN86757 Message accepted for delivery)
Dec 13 17:00:02 myhost sendmail[43495]: gethostbyaddr(xxx.xxx.xxx.xxx)
failed: 1
Dec 13 17:00:03 myhost sendmail[43495]: kBDN02743495: from=root, size=137,
class=0, nrcpts=1, msgid=<
200612132300.kBDN02743495 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
Dec 13 17:00:04 myhost sendmail[43498]: kBDN02743495: to=
user at main.server.com, ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01,
mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
stat=Sent (AYY85233 Message accepted for delivery)



> Clearly there is no mta being started on boot.  But I'm not familiar enough
> with squid to say for sure that it is not the daemon in question.  It may be
> that squid is configurable so that it could be delivering the log messages.
>
> I'll make it and see what I can see.
>
> In the meantime, if anyone else has some ready experience to say for certain
> that this is probably what's happening, then jump right in.
>
> lane
>


Thank you very much for your help.
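
An added example, not part of the original thread: one way to read a maillog like the one above is to pair each from= entry with its to= entry by queue ID, keep the messages whose from= line carries relay=user@localhost (submitted on the host itself), and measure the time between submissions. The sample lines, queue IDs, PIDs and the 192.0.2.10 address are constructed, and the year 2006 is assumed because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the maillog excerpt above, unwrapped to
# one entry per line; queue IDs, PIDs and the 192.0.2.10 address are made up.
SAMPLE = """\
Dec 13 00:00:00 myhost newsyslog[100]: logfile turned over
Dec 13 00:00:02 myhost sendmail[201]: gethostbyaddr(192.0.2.10) failed: 1
Dec 13 00:00:02 myhost sendmail[201]: kAA000a00201: from=root, size=137, class=0, nrcpts=1, msgid=<1.kAA000a00201@myhost.example>, relay=root@localhost
Dec 13 00:00:03 myhost sendmail[204]: kAA000a00201: to=user@main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [192.0.2.10], dsn=2.0.0, stat=Sent (X1 Message accepted for delivery)
Dec 13 01:00:02 myhost sendmail[301]: kAA100b00301: from=root, size=137, class=0, nrcpts=1, msgid=<2.kAA100b00301@myhost.example>, relay=root@localhost
Dec 13 01:00:03 myhost sendmail[304]: kAA100b00301: to=user@main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [192.0.2.10], dsn=2.0.0, stat=Sent (X2 Message accepted for delivery)
Dec 13 02:00:01 myhost sendmail[401]: kAA200c00401: from=root, size=137, class=0, nrcpts=1, msgid=<3.kAA200c00401@myhost.example>, relay=root@localhost
Dec 13 02:00:02 myhost sendmail[404]: kAA200c00401: to=user@main.server.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [192.0.2.10], dsn=2.0.0, stat=Sent (X3 Message accepted for delivery)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sendmail\[(\d+)\]: (\w+): ((?:from|to)=.*)$")

def parse(text, year=2006):  # joins from=/to= entries by queue ID; year is assumed
    msgs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # newsyslog, gethostbyaddr and other non-delivery lines
        stamp, pid, qid, rest = m.groups()
        f = dict(kv.split("=", 1) for kv in rest.split(", ") if "=" in kv)
        rec = msgs.setdefault(qid, {"pids": []})
        rec["pids"].append(int(pid))
        if "from" in f:  # submission: relay= names who handed the message in
            rec["time"] = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            rec["from"], rec["submitted_via"] = f["from"], f.get("relay", "")
        else:  # delivery attempt: relay= is the next hop
            rec.update(to=f["to"], mailer=f.get("mailer"), stat=f.get("stat"))
    return msgs

def local_submissions(msgs):
    """Messages submitted on this host (relay=user@localhost on the from= line)."""
    return {q: r for q, r in msgs.items()
            if r.get("submitted_via", "").endswith("@localhost")}

def gaps_seconds(msgs):
    """Seconds between consecutive submissions; a steady value suggests a schedule."""
    times = sorted(r["time"] for r in msgs.values() if "time" in r)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    local = local_submissions(parse(SAMPLE))
    for qid, r in local.items():
        print(qid, r["time"], r["pids"], r["from"], "->", r.get("to"), r.get("stat"))
    print("seconds between submissions:", gaps_seconds(local))
```

To run this on a log copied from a list archive like this page, first rejoin the wrapped lines and restore the "@" that the archive rewrote as " at ".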

