[Logcheck-devel] Bug#470779: logcheck: postfix false positives on email adresses/msgid containing 'attack'

Andreas Beckmann debian at abeckmann.de
Thu Mar 13 16:46:00 UTC 2008


Package: logcheck
Version: 1.2.63
Severity: normal

Hi,

logcheck creates false positive "Security Alerts" reports on
postfix logfiles with lines with email addresses or message ids
containing 'attack', e.g.:

Mar 13 16:29:10 server postfix/cleanup[28061]: 7C8AE11F87E4:
message-id=<02c223fd$75b78c81$39dd45be at attackersbxw>
Mar 13 16:29:10 server postfix/qmgr[3318]: 7C8AE11F87E4:
from=<attackersbxw at westcosthomes.com>, size=2988, nrcpt=1 (queue active)


Andreas

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (300, 'unstable'), (130, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
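
The false positive described in this report, reproduced as an added example that is not part of the original message or of logcheck's own rule files. It assumes the alert fires on a case-insensitive match of the keyword 'attack'. The anchored ignore pattern, the function names and the third log line are hypothetical.

```shell
#!/bin/sh
# Added example: a bare keyword match versus an anchored ignore rule.
# ALERT_RE is an assumed stand-in for the keyword that fired in the report.
ALERT_RE='attack'

# Hypothetical ignore rule: suppress only the two postfix line shapes from
# the report, where the keyword sits inside sender-controlled data
# (message-id=<...> from cleanup, from=<...> from qmgr). Anchoring with
# ^ and $ keeps the rule from hiding other lines that mention the keyword.
IGNORE_RE='^[A-Za-z]{3} [ 0-9][0-9] [0-9:]{8} [^ ]+ postfix/(cleanup\[[0-9]+\]: [0-9A-F]+: message-id=<[^>]*>|qmgr\[[0-9]+\]: [0-9A-F]+: from=<[^>]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\))$'

# Sample input: the first two lines are the ones quoted in the report
# (unwrapped, addresses as shown in the list archive); the third line is
# constructed to show an alert that must survive the ignore rule.
sample_log() {
cat <<'EOF'
Mar 13 16:29:10 server postfix/cleanup[28061]: 7C8AE11F87E4: message-id=<02c223fd$75b78c81$39dd45be at attackersbxw>
Mar 13 16:29:10 server postfix/qmgr[3318]: 7C8AE11F87E4: from=<attackersbxw at westcosthomes.com>, size=2988, nrcpt=1 (queue active)
Mar 13 16:30:02 server exampled[4242]: possible SYN flood attack detected on port 25
EOF
}

# Number of lines the keyword alone would report.
naive_alerts() {
    sample_log | grep -E -i -c -- "$ALERT_RE"
}

# Number of lines still reported once the ignore rule is applied.
filtered_alerts() {
    sample_log | grep -E -i -- "$ALERT_RE" | grep -E -v -c -- "$IGNORE_RE"
}

# Lines still reported, for inspection.
remaining_alerts() {
    sample_log | grep -E -i -- "$ALERT_RE" | grep -E -v -- "$IGNORE_RE"
}

printf 'keyword only: %s\n' "$(naive_alerts)"
printf 'after ignore rule: %s\n' "$(filtered_alerts)"
```
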





