how do I see security logs without turning on sendmail?
Armin Arh
armin at pubbox.net
Wed Dec 13 17:04:48 PST 2006
On Wed, Dec 13, 2006 at 05:22:41PM -0600, Tuareg wrote:
> Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over
> Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx)
> failed: 1
> Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137,
> class=0, nrcpts=1, msgid=<
> 200612130600.kBD602j41485 at server.FreeBSD.4.6-RELEASE>, relay=root at localhost
> Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to=
> [...]
clearly sendmail is running, but not as a daemon.
It gets called for every single mail by some other process running as root.
You suspect squid to do so? (unlikely, why should a webcache send emails...)
Well, then run squid as another user and watch the logs, should
be "from=squiduser" then...
The problem with too much root- processes is, you can't tell which one is going mad.
enjoy,
Armin
--
PUBBOX Postmaster + spam-killer. Free email addresses at http://pubbox.net/
More information about the freebsd-questions
mailing list