[Logwatch-Devel] Sendmail Unknown Users Patch
Tue, 01 Apr 2003 02:43:48 -0800
--On Saturday, March 29, 2003 12:41 PM -0600 Erik Ogan <firstname.lastname@example.org>
> The end result is HUGE logwatch sendmail reports full of unknown users
> with only 1 (or ocasionally 2) falure(s). The biggest trouble with this
> is that important "Unkown Users" information is burried in this mountain
> of data.
I saw one of these last week. About every half hour I'd get hit by a single
message with a block of bogus target addresses, using a single sendmail
connection. The relay was always the same. That suggests that you could filter
on the relay rather than the username.
I ended up null-routing the offender and sent a complaint to his ISP.