Date: Sun, 13 Jan 2002 11:35:04 -0800
From: "Noah Davidson" <Noah@oopz.com>
To: "Len Conrad" <LConrad@Go2France.com>, <Freebsd-isp@freebsd.org>
Subject: RE: tuning syslog.conf
Message-ID: <A6A82340FB3DB643A0678E3B10CD5AC1062FD8@xela.oopz.com>
If you are referring to Ipswitch's IMail, I would strongly recommend something else. We have just moved off of IMail due to security reasons. For example, all user names and passwords are kept in the registry, with the passwords kept in the hex representation of the password. So, as you can imagine, all the passwords were very easy to retrieve to move onto a UNIX system. We are now using sendmail. It also turned out that many people (mainly spammers) have a full list of all of our users' email addresses from our old IMail server. If you are interested in this, let me know; I have many Perl scripts that I wrote on Windows to get all of the users and mail off of the IMail server onto a FreeBSD sendmail box.

Good luck.

Thanks
Noah

-----Original Message-----
From: Len Conrad [mailto:LConrad@Go2France.com]
Sent: Sunday, January 13, 2002 7:32 AM
To: Freebsd-isp@freebsd.org
Subject: tuning syslog.conf

We've got a gateway machine to which we're adding Bennett Todd's pop-before-smtp dynamic relay access control. The mailboxes and POP logins are on an IMail machine whose POP daemon is logging to the syslog server on FreeBSD 4.4R running postfix (IMGate). To use the smallest possible file for tailing, we've set up a !POP3D section in syslog.conf and log IMail POP3D to a file (successfully), but the POP3D messages are also logged to /var/log/messages. I can't see by what facility that's happening and so can't turn it off. Here's the -d output:

# syslogd -d -4
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....
init
cfline("*.err;kern.debug;auth.notice;mail.crit /dev/console", f, "*", "*")
cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err; /var/log/messages", f, "*", "*")
cfline("security.* /var/log/security", f, "*", "*")
cfline("mail.info /var/log/maillog", f, "*", "*")
cfline("lpr.info /var/log/lpd-errs", f, "*", "*")
cfline("cron.* /var/log/cron", f, "*", "*")
cfline("*.err root", f, "*", "*")
cfline("*.notice;news.err root", f, "*", "*")
cfline("*.alert root", f, "*", "*")
cfline("*.emerg *", f, "*", "*")
cfline("*.* /var/log/slip.log", f, "startslip", "*")
cfline("*.* /var/log/ppp.log", f, "ppp", "*")
cfline("*.* /var/log/poplog", f, "POP3D", "*")
cfline("*.none /var/log/messages", f, "POP3D", "*")
7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console
7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages
X X X X X X X X X X X X X 8 X X X X X X X X X X X FILE: /var/log/security
X X 6 X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/maillog
X X X X X X 6 X X X X X X X X X X X X X X X X X X FILE: /var/log/lpd-errs
X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/log/cron
3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root,
5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root,
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root,
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp)
8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/poplog (POP3D)
X X X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/log/messages (POP3D)
logmsg: pri 56, flags 4, from lc2, msg syslogd: restart
syslogd: restarted
logmsg: pri 166, flags 17, from lc2, msg Jan 13 09:11:55 lc2 syslogd: exiting on signal 2
cvthname(212.73.210.73)
logmsg: pri 15, flags 0, from ms1.meiway.com, msg
POP3D (000001D7) logon success for LConrad mail.Go2France.com from 66.64.14.18
Logging to FILE /var/log/messages
Logging to USERS
Logging to FILE /var/log/poplog

1. How do we stop POP3D from going to messages?

2. For a little ACL, when I add an "allowed peer" option (ipaddr/masklen[:service]) to the above syslog command, "-a 212.73.210.73/24", the -d output becomes:

# syslogd -d -4 -a 212.73.210.73
allowaddr: rule 0: numeric, addr = 212.73.210.0, mask = 255.255.255.0; port = 514
listening on inet and/or inet6 socket
sending on inet and/or inet6 socket
off & running....

and all syslog messages from 212.73.210.73 get this treatment:

cvthname(212.73.210.73)
validate: dgram from IP 212.73.210.73, port 3506, name ms1.meiway.com;
rejected in rule 0 due to port mismatch.

OK, so we use "-a 212.73.210.73/24:*" and get:

# syslogd -d -4 -a 212.73.210.73:*
syslogd: No match.

I've been all over man 3 and man 8 for syslogd, syslog, syslog.conf and can't figure out what we're doing wrong in 2., or how to do 1.

Thanks
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
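Question 1 above comes down to how BSD syslogd walks syslog.conf: each entry is tested on its own, a `!POP3D` line only narrows the entries that follow it, and `*.none` makes that one entry log nothing rather than cancelling the earlier global `/var/log/messages` entry, which is exactly what the `Logging to FILE` trace shows. The following Python model of that matching is an added example, not code from the thread or from FreeBSD; the syslog.conf fragment and the user.notice logon message are constructed to mirror Len's setup.

```python
# Added model of how BSD syslogd walks syslog.conf (not FreeBSD's own code):
# every entry is tested independently, a "!prog" line restricts only the
# entries that follow it, and "*.none" makes that one entry ignore the
# message; it never cancels an earlier entry that names the same file.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed syslog.conf fragment mirroring the thread's layout.
CONF = """
*.notice;kern.debug;lpr.info;mail.crit;news.err;    /var/log/messages
mail.info                                           /var/log/maillog
!POP3D
*.*                                                 /var/log/poplog
*.none                                              /var/log/messages
"""

def parse_conf(text):
    """Return a list of (program, {facility: max_severity_index}, action)."""
    entries, program = [], "*"
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):          # program specification for what follows
            program = line[1:].strip() or "*"
            continue
        selector, action = line.split(None, 1)
        mask = {}
        for spec in filter(None, selector.split(";")):
            fac, sev = spec.split(".")
            if sev == "none":
                mask[fac] = None          # this entry ignores the facility
            elif sev == "*":
                mask[fac] = len(SEVERITY) - 1
            else:
                mask[fac] = SEVERITY.index(sev)
        entries.append((program, mask, action))
    return entries

def destinations(entries, facility, severity, program):
    """Every action whose entry matches, in syslog.conf order (like syslogd -d)."""
    level = SEVERITY.index(severity)
    hits = []
    for prog, mask, action in entries:
        if prog != "*" and prog != program:
            continue
        limit = mask[facility] if facility in mask else mask.get("*")
        if limit is None or level > limit:  # "none", or not severe enough
            continue
        hits.append(action)
    return hits

if __name__ == "__main__":
    # A POP3D logon line arriving as user.notice matches both the global
    # entry and the POP3D entry, so it lands in messages *and* poplog.
    print(destinations(parse_conf(CONF), "user", "notice", "POP3D"))
```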