Date:      Sun, 13 Jan 2002 11:35:04 -0800
From:      "Noah Davidson" <Noah@oopz.com>
To:        "Len Conrad" <LConrad@Go2France.com>, <Freebsd-isp@freebsd.org>
Subject:   RE: tuning syslog.conf
Message-ID:  <A6A82340FB3DB643A0678E3B10CD5AC1062FD8@xela.oopz.com>

If you are referring to Ipswitch's imail I would strongly recommend
something else.  We have just moved off of imail due to security
reasons.  For example all user names and passwords are kept in the
registry with the passwords kept in the HEX representation of the
password.  So as you can imagine all the passwords were very easy to
retrieve to move onto a UNIX system.  We are now using sendmail.  It
also turned out that many people (mainly spammers) have a full list of
all of our users' email addresses from our old imail server.  If you are
interested in this let me know; I have many perl scripts that I wrote on
windows to get all of the users and mail off of the imail server onto a
FreeBSD sendmail box.  Good luck.

Thanks
Noah

-----Original Message-----
From: Len Conrad [mailto:LConrad@Go2France.com]
Sent: Sunday, January 13, 2002 7:32 AM
To: Freebsd-isp@freebsd.org
Subject: tuning syslog.conf


We've got a gateway machine to which we're adding Bennett Todd's
pop-before-smtp dynamic relay access control.

The mailboxes and pop logins are on an Imail machine whose pop daemon is
logging to the syslog server on FreeBSD4.4R running postfix (IMGate).  To
use the smallest possible file for tailing, we've set up a !POP3D section
in syslog.conf and log Imail POP3D to a file (successfully), but the POP3D
messages are also logged to /var/log/messages.  I can't see by what
facility that's happening and so can't turn it off.  Here's the -d
output:

# syslogd -d -4
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....
init
cfline("*.err;kern.debug;auth.notice;mail.crit          /dev/console", f, "*", "*")
cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err; /var/log/messages", f, "*", "*")
cfline("security.*                                      /var/log/security", f, "*", "*")
cfline("mail.info                                       /var/log/maillog", f, "*", "*")
cfline("lpr.info                                        /var/log/lpd-errs", f, "*", "*")
cfline("cron.*                                          /var/log/cron", f, "*", "*")
cfline("*.err                                           root", f, "*", "*")
cfline("*.notice;news.err                               root", f, "*", "*")
cfline("*.alert                                         root", f, "*", "*")
cfline("*.emerg                                         *", f, "*", "*")
cfline("*.*                                             /var/log/slip.log", f, "startslip", "*")
cfline("*.*                                             /var/log/ppp.log", f, "ppp", "*")
cfline("*.*                                             /var/log/poplog", f, "POP3D", "*")
cfline("*.none                                          /var/log/messages", f, "POP3D", "*")
7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root,
5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root,
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/poplog (POP3D)
X X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/messages (POP3D)

logmsg: pri 56, flags 4, from lc2, msg syslogd: restart
syslogd: restarted
logmsg: pri 166, flags 17, from lc2, msg Jan 13 09:11:55 lc2 syslogd: exiting on signal 2
cvthname(212.73.210.73)
logmsg: pri 15, flags 0, from ms1.meiway.com, msg POP3D (000001D7) logon success for LConrad mail.Go2France.com from 66.64.14.18
Logging to FILE /var/log/messages
Logging to USERS
Logging to FILE /var/log/poplog

How do we stop POP3D from going to messages?

2.  For a little ACL, when I add an "allowed peer" option
( ipaddr/masklen[:service] ) to the above syslog command
"-a 212.73.210.73/24", the -d output becomes:

# syslogd -d -4 -a 212.73.210.73
allowaddr: rule 0: numeric, addr = 212.73.210.0, mask = 255.255.255.0; port = 514
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....

and all syslog messages from 212.73.210.73 get this treatment:

cvthname(212.73.210.73)
validate: dgram from IP 212.73.210.73, port 3506, name ms1.meiway.com;
rejected in rule 0 due to port mismatch.

ok, so we use "-a 212.73.210.73/24:*" and get:

# syslogd -d -4 -a 212.73.210.73:*
syslogd: No match.

I've been all over man 3 and man 8 for syslogd, syslog, syslog.conf and
can't figure out what we're doing wrong in 2., or how to do 1.

Thanks
Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
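Editor's note on the two questions in Len's quoted message, with an added example that is not from either poster and is not FreeBSD's code. The Python model below reproduces the two syslogd(8) behaviours visible in the -d traces. For question 1: a program section (!POP3D) governs only the lines that follow it, and `*.none` on a line empties that line's own selector and nothing else, so the earlier global `*.notice ... /var/log/messages` and `*.notice;news.err root` lines still match a POP3D message. That is exactly the three "Logging to" lines in the trace: the `pri 15` there is printed in octal, i.e. decimal 13, facility user, level notice, which the `*.notice` selectors accept. The model also implements the negated program specification `!-POP3D` that later FreeBSD syslog.conf(5) documents for precisely this case, to show the config shape that excludes one program from a global line; whether the 4.4R syslogd on this page accepts that syntax is not shown here and is an assumption. For question 2: `-a ipaddr/masklen[:service]` defaults the service to syslog (port 514) and rejects a datagram from a matching address that comes from any other source port, which is what rule 0 did with Imail's packet from port 3506; `:*` lifts the port check. The `syslogd: No match.` line is not syslogd output but csh reporting that the unquoted `*` in `212.73.210.73:*` matched no file, so the argument has to be quoted, e.g. `-a '212.73.210.73/24:*'`. The facility and level tables follow FreeBSD's LOG_FAC/LOG_PRI numbering; the sample config, message and addresses are constructed from the lines quoted on the page, and the `sshd`/`smtpd` lines used for contrast are constructed too.

```python
"""Model of two FreeBSD syslogd(8) behaviours from the thread: syslog.conf(5)
selector/program matching and the -a allowed-peer check.  Added example, not
FreeBSD's code; config, message and addresses are constructed from the page."""
import ipaddress
import re

# LOG_FAC numbering used by FreeBSD (15 is unassigned); LEVELS in LOG_PRI order.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "unused"] + [f"local{i}" for i in range(8)]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_conf(text):
    """Rules as (program_spec, pmask, action).  program_spec: None = all programs,
    ("only", name) from '!name', ("except", name) from '!-name' (syntax of later
    syslog.conf(5), assumed here).  pmask[fac] = highest level logged, or None."""
    rules, prog = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("!"):          # a program section governs later lines only
            name = line[1:].strip()
            prog = None if name == "*" else (
                ("except", name[1:]) if name.startswith("-") else ("only", name))
            continue
        selectors, action = line.rsplit(None, 1)
        pmask = [None] * len(FACILITIES)
        for sel in selectors.split(";"):
            facs, level = sel.split(".")
            lev = None if level == "none" else 7 if level == "*" else LEVELS.index(level)
            targets = range(len(FACILITIES)) if facs == "*" else [
                FACILITIES.index(f) for f in facs.split(",")]
            for i in targets:             # a later selector on the same line overrides
                pmask[i] = lev
        rules.append((prog, pmask, action))
    return rules


def destinations(rules, pri, msg):
    """Actions a message of numeric priority `pri` is written to (syslogd's logmsg)."""
    fac, lev = pri >> 3, pri & 7
    prog = re.match(r"[^\[:/\s]*", msg).group()   # program name as syslogd extracts it
    out = []
    for spec, pmask, action in rules:
        if spec is not None and (spec[0] == "only") != (spec[1] == prog):
            continue                      # wrong program for this section
        if pmask[fac] is None or lev > pmask[fac]:
            continue                      # facility not selected, or level too chatty
        out.append(action)
    return out


def parse_allowed_peer(spec):
    """-a ipaddr/masklen[:service]: service defaults to syslog (514); '*' = any port."""
    service = "syslog"
    if ":" in spec:                       # IPv4 form only in this model
        spec, service = spec.rsplit(":", 1)
    port = None if service == "*" else 514 if service == "syslog" else int(service)
    return ipaddress.ip_network(spec, strict=False), port


def validate(rules, src_ip, src_port):
    """Mirror syslogd's validate(): the first rule whose network matches decides."""
    src = ipaddress.ip_address(src_ip)
    for i, (net, port) in enumerate(rules):
        if src not in net:
            continue
        if port is not None and port != src_port:
            return f"rejected in rule {i} due to port mismatch"
        return f"accepted in rule {i}"
    return "rejected by rules"


# Len's effective rules, as the cfline() lines in the -d trace show them.
LEN_CONF = """\
*.err;kern.debug;auth.notice;mail.crit          /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
mail.info                                       /var/log/maillog
*.notice;news.err                               root
!POP3D
*.*                                             /var/log/poplog
*.none                                          /var/log/messages
"""
# The same rules with the global lines placed under a !-POP3D negation (assumed syntax).
FIXED_CONF = """\
!-POP3D
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
*.notice;news.err                               root
!POP3D
*.*                                             /var/log/poplog
!*
mail.info                                       /var/log/maillog
"""
POP3D_MSG = "POP3D (000001D7) logon success for LConrad mail.Go2France.com from 66.64.14.18"
USER_NOTICE = 13   # the trace's "pri 15" is octal: facility user (1) * 8 + notice (5)

if __name__ == "__main__":
    print(destinations(parse_conf(LEN_CONF), USER_NOTICE, POP3D_MSG))
    print(destinations(parse_conf(FIXED_CONF), USER_NOTICE, POP3D_MSG))
    for spec in ("212.73.210.73/24", "212.73.210.73/24:*"):
        print(spec, "->", validate([parse_allowed_peer(spec)], "212.73.210.73", 3506))
```

Running it prints the three destinations from Len's trace for LEN_CONF, only /var/log/poplog for FIXED_CONF, and the port-mismatch rejection followed by the acceptance once `:*` is present. The point to take from the model is that matching is per rule line: no later line can subtract from an earlier one, so a program has to be kept out of the global line itself (by a negated program section, or by reworking the selectors) rather than handled in its own section afterwards.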
