[Logwatch] newbie needs help

Bug Hunter bughuntr@one.ctelcom.net
Fri, 27 Sep 2002 09:56:27 -0500 (CDT)

  I've used the previous versions of logwatch, and they were easy to 
understand and modify.  This one has me baffled.

  I looked up the FAQ, and found an answer, but it does not seem to work.

  I am getting a line like:

Sep 26 09:53:49 one sendmail[1346]: g8QErlA01346: transport15.azogle.com
[]: possible SMTP attack: command=HELO/EHLO, count=3

  in my log.  I went into /etc/log.d/conf/maillog.conf and added the line


  Just like the FAQ said.  However, I'm still getting the report.  I'm 
getting a 3 megabyte logwatch file, and am interested in removing certain 

  Also, I get the following:

Sep 26 06:01:26 one sendmail[24180]: g8QB1Q724180: ruleset=check_relay,
arg1=laoutbound7.lamailer.com, arg2=,
relay=laoutbound7.lamailer.com [], reject=550 5.7.1 Mail from refused by blackhole site

  I tried


 and it still shows up in the logwatch report.




Sick and tired of spam?
Ask me about Mail Deflector!