[Logwatch-Devel] Sendmail Unknown Users Patch

Kenneth Porter shiva@sewingwitch.com
Tue, 01 Apr 2003 02:43:48 -0800


--On Saturday, March 29, 2003 12:41 PM -0600 Erik Ogan <erik+@slackers.net>
wrote:

> The end result is HUGE logwatch sendmail reports full of unknown users
> with only 1 (or ocasionally 2) falure(s). The biggest trouble with this
> is that important "Unkown Users" information is burried in this mountain
> of data.

I saw one of these last week. About every half hour I'd get hit by a single
message with a block of bogus target addresses, using a single sendmail
connection. The relay was always the same. That suggests that you could filter
on the relay rather than the username.

I ended up null-routing the offender and sent a complaint to his ISP.