Rainer Zocholl
2005-Jul-22 23:22 UTC
[Logcheck-devel] Bug#319547: Legitime email addresses causes (false) "Security Events"
Package: logcheck
Version: 1.2.39

Hello

from time to time I get such a (false) "Security Event".
After a while you will see the message-ID
"ZYNEgi0Z1.bKYuiJRtHC2 at illegal2.msn.com"
containing the magic word "illegal"...

Question:
Can't that be abused for DoS or logfile flooding, because it's only up to the sender to use "trigger words", not only in hosts but in mail from too?

Of course I could define violation ignores, but I think that's a more general problem, or?

Security Events
=-=-=-=-=-=-=-
Jul 22 23:00:35 host sm-mta[13658]: j6ML0Z8M013658: from=<levulose at rr.com>, size=1586, class=0, nrcpts=1, msgid=<ZYNEgi0Z1.bKYuiJRtHC2 at illegal2.msn.com>, proto=ESMTP, daemon=MTA, relay=xxxxx [nnn.nnn.nnn.]
Rainer Zocholl
2005-Jul-23 14:27 UTC
Bug#319547: [Logcheck-devel] Bug#319547: Legitime email addresses causes (false) "Security Events"
>Package: logcheck
>Version: 1.2.39

>Hello
>from time to time i get such (false) "Security Event".

Seems to become common practice :-(

Again a "security event"; I assume "promiscuous" in the msgid triggered it.

Jul 23 14:46:26 host sm-mta[25759]: j6NCkQTS025759: from=<maldivedahomeyretort at mauimail.com>, size=16186, class=0, nrcpts=1, msgid=<perchance4123456.benz at promiscuous.17.parlance.net>, proto=ESMTP, daemon=MTA, relay=...

Rainer
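
Added example, not part of the original thread and not logcheck's own code: the "violation ignores" mentioned in the first message, modelled as the two grep stages logcheck applies to Security Events (violations.d, then violations.ignore.d). The keyword pattern, the ignore rule and the kernel line are constructed for illustration; the two sendmail lines are the ones quoted in the messages above.

```shell
#!/bin/sh
# Models logcheck's Security Events layer as two grep stages:
# lines matching violations.d, minus lines matching violations.ignore.d.

# Constructed stand-in for violations.d: only the two words named in the thread.
VIOLATIONS='illegal|promiscuous'

# Hypothetical violations.ignore.d rule for the sendmail "from=" line shape.
# Anchored at the start and tied to the sm-mta tag, so a keyword inside the
# sender-chosen from=/msgid= fields is ignored, but no other kind of line is.
IGNORE='^[[:alpha:]]{3} [ 0-9]{2} [0-9:]{8} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: from=<[^>]*>, size=[0-9]+, class=[0-9]+, nrcpts=[0-9]+, msgid=<[^>]*>, proto=E?SMTP, daemon=MTA, relay=.*$'

# Lines 1-2 are the log lines quoted in the thread; line 3 is constructed
# to show a keyword hit that is not under the sender's control.
sample_log() {
cat <<'EOF'
Jul 22 23:00:35 host sm-mta[13658]: j6ML0Z8M013658: from=<levulose at rr.com>, size=1586, class=0, nrcpts=1, msgid=<ZYNEgi0Z1.bKYuiJRtHC2 at illegal2.msn.com>, proto=ESMTP, daemon=MTA, relay=xxxxx [nnn.nnn.nnn.]
Jul 23 14:46:26 host sm-mta[25759]: j6NCkQTS025759: from=<maldivedahomeyretort at mauimail.com>, size=16186, class=0, nrcpts=1, msgid=<perchance4123456.benz at promiscuous.17.parlance.net>, proto=ESMTP, daemon=MTA, relay=...
Jul 23 15:02:11 host kernel: device eth0 entered promiscuous mode
EOF
}

# Keyword stage only: what gets reported without an ignore rule.
unfiltered_events() { grep -E "$VIOLATIONS"; }

# Keyword stage followed by the ignore stage.
security_events() { grep -E "$VIOLATIONS" | grep -E -v "$IGNORE"; }

echo "without ignore rule: $(sample_log | unfiltered_events | wc -l) line(s)"
echo "with ignore rule:"
sample_log | security_events
```

The rule drops the whole sendmail "from=" line shape from Security Events, so it should be tested against real log lines with grep -E before being placed in violations.ignore.d.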