[Logwatch] newbie needs help

Bug Hunter bughuntr@one.ctelcom.net
Fri, 27 Sep 2002 09:56:27 -0500 (CDT)


  I've used the previous versions of logwatch, and they were easy to 
understand and modify.  This one has me baffled.

  I looked up the FAQ, and found an answer, but it does not seem to work.

  I am getting a line like:

Sep 26 09:53:49 one sendmail[1346]: g8QErlA01346: transport15.azogle.com
[66.46.150.19]: possible SMTP attack: command=HELO/EHLO, count=3

  in my log.  I went into /etc/log.d/conf/maillog.conf and added the line

*Remove='.*azogle.*'

  Just like the FAQ said.  However, I'm still getting the report.  I'm 
getting a 3 megabyte logwatch file, and am interested in removing certain 
reports.


  Also, I get the following:

Sep 26 06:01:26 one sendmail[24180]: g8QB1Q724180: ruleset=check_relay,
arg1=laoutbound7.lamailer.com, arg2=216.34.211.27,
relay=laoutbound7.lamailer.com [216.34.211.27], reject=550 5.7.1 Mail from
216.34.211.27 refused by blackhole site
http://www.maildeflector.com/whywasirefused.php

  I tried

*Remove='.whywasirefused.php.*'

 and it still shows up in the logwatch report.


 Help?


Bug

-- 
---------------------------------
Sick and tired of spam?
Ask me about Mail Deflector!
http://www.maildeflector.com
---------------------------------