From owner-freebsd-security Fri Sep 22 13:12:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id A888737B42C
	for ; Fri, 22 Sep 2000 13:12:43 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id OAA11489;
	Fri, 22 Sep 2000 14:12:34 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
	by harmony.village.org (8.9.3/8.8.3) with ESMTP id OAA70984;
	Fri, 22 Sep 2000 14:12:34 -0600 (MDT)
Message-Id: <200009222012.OAA70984@harmony.village.org>
To: Neil Blakey-Milner
Subject: Re: sendmail default run state
Cc: security@FreeBSD.ORG, Peter Wemm
In-reply-to: Your message of "Fri, 22 Sep 2000 21:56:16 +0200." <20000922215616.A33103@mithrandr.moria.org>
References: <20000922215616.A33103@mithrandr.moria.org> <200009100358.e8A3wUG76071@netplex.com.au> <200009100415.e8A4F4G76156@netplex.com.au> <20000910154357.A78311@mithrandr.moria.org>
Date: Fri, 22 Sep 2000 14:12:34 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <20000922215616.A33103@mithrandr.moria.org> Neil Blakey-Milner writes:
: I personally would really like 'sendmail_outbound_only="YES"' to be the
: default in /etc/defaults/rc.conf, with an option in sysinstall's Network
: Services for turning it on/off.

I like this a lot.  We have several machines in the Village that ARE
NOT FOR EMAIL (caps meant to describe the tone of voice we have when we
talk about them).  These machines generate email all the time, but
should never receive email.  We solve this problem with a simple cron
job that runs once a day after the daily/weekly/monthly scripts run to
deal with failures to send those right away.

Speaking of daily logs, I was wondering.  Let's say I have 100
machines that are in my network.  All of them send root mail to me.  I
spool the message to a folder, but rarely read them because the volume
is so large.  Does anybody have a tool that would read them and report
things outside the normal?  I had thought (and have tried) a daily
diff, but that works well for some things (like passwordless accounts,
say), but poorly for others (suid files changing, disk usage, etc).
I'd like to be able to set up a filter that will look at each message
and tell me if it is out of the ordinary.  Or if a machine goes
quiet.  With 10 machines I notice which ones I'm missing, but with 100
I don't notice.

Has anybody implemented something like this?

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
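
Added example, not part of the original message or of any FreeBSD tool: a sketch of the filter asked about above, which lists expected hosts whose daily mail has stopped and, per host, lines in the latest report that no earlier report from that host contained. The host names, report bodies, the 36-hour threshold and the digit-masking heuristic are all assumptions made for illustration.

```python
import email
import re
from datetime import datetime, timedelta, timezone
from email.utils import parseaddr, parsedate_to_datetime

def host_of(msg):
    """Sending host, taken from the domain part of the From: address."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def shape(line):
    """Mask digit runs so counters and sizes do not register as changes."""
    return re.sub(r"\d+", "#", line.strip())

def audit(messages, expected_hosts, now, max_age=timedelta(hours=36)):
    """Return (quiet_hosts, novel_lines_by_host).

    messages: iterable of single-part email.message.Message objects,
    for example what iterating a mailbox.mbox spool yields.
    """
    last_seen, baseline, novel = {}, {}, {}
    for msg in sorted(messages, key=lambda m: parsedate_to_datetime(m["Date"])):
        host = host_of(msg)
        lines = {shape(l) for l in msg.get_payload().splitlines() if l.strip()}
        if host in baseline:
            # Only the newest report's unseen lines are kept for each host.
            novel[host] = sorted(lines - baseline[host])
        baseline.setdefault(host, set()).update(lines)
        last_seen[host] = parsedate_to_datetime(msg["Date"])
    quiet = sorted(h for h in expected_hosts
                   if h not in last_seen or now - last_seen[h] > max_age)
    return quiet, {h: v for h, v in novel.items() if v}

def sample(host, date, body):
    """Build one constructed report message (not real data)."""
    return email.message_from_string(
        f"From: root@{host}\nDate: {date}\nSubject: daily run output\n\n{body}")

# Constructed sample spool: gamma stopped reporting, delta never reported.
SAMPLE = [
    sample("alpha.example", "Wed, 20 Sep 2000 03:01:00 +0000", "setuid diffs: none\n/usr 61% used\n"),
    sample("alpha.example", "Thu, 21 Sep 2000 03:01:00 +0000", "setuid diffs: none\n/usr 64% used\n"),
    sample("beta.example", "Wed, 20 Sep 2000 03:02:00 +0000", "setuid diffs: none\n/usr 40% used\n"),
    sample("beta.example", "Thu, 21 Sep 2000 03:02:00 +0000", "setuid diffs:\n+ /usr/local/bin/newtool\n/usr 41% used\n"),
    sample("gamma.example", "Mon, 18 Sep 2000 03:03:00 +0000", "setuid diffs: none\n"),
]

if __name__ == "__main__":
    hosts = ["alpha.example", "beta.example", "gamma.example", "delta.example"]
    print(audit(SAMPLE, hosts, datetime(2000, 9, 21, 12, 0, tzinfo=timezone.utc)))
```

Masking digits keeps routine disk-usage drift out of the report, but it also hides a purely numeric change such as a filesystem filling up, so a threshold check on those values would have to be separate.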