  1. Nov 18, 2024
    • warn-too-many-smtp-login-hosts: Only add extracted username · 6f5b7bac
      aoh authored
      Currently, the script reports the following false positive.
      
      > /etc/cron.hourly/warn-too-many-smtp-login-hosts:
      > The following users have smtp logins from more than 20 different hosts.
      > Please verify that these mail accounts haven't been compromised.
      >
      > USER                 #UNIQUE HOSTS
      > -----------------------------------------
      >                      2513
      
      This commit tries to address this issue by checking if the extracted
      username is an empty string.
      
      The problem was that the script was matching lines similar to this,
      which end with sasl_username=<name>
      
      Nov 17 00:01:51 hermod postfix/smtpd[556252]: warning: lneuilly-657-1-113-189.w82-127.abo.wanadoo.fr[82.127.41.189]: SASL PLAIN authentication failed: (reason unavailable), sasl_username=contact
      
      Hence I've also added the extra check as well
      
      !/authentication failed/
      
      which ignores all the lines with the text "authentication failed",
      because we're not interested in those.
      Verified
  2. Nov 04, 2024
  3. Sep 19, 2024
  4. May 13, 2024
  5. May 08, 2024
  6. Mar 13, 2024
  7. Mar 12, 2024
  8. Feb 01, 2024
  9. Jan 15, 2024
  10. Jan 14, 2024
  11. Jan 02, 2024
  12. Dec 31, 2023
  13. Dec 29, 2023
  14. Dec 28, 2023
  15. Dec 10, 2023
    • Merge branch 'update_whitelist' into 'master' · 4a8af586
      aoh authored
      warn-invalid-from-lysator: Add zabbix to WHITELIST
      
      See merge request !1
    • warn-invalid-from-lysator: Add zabbix to WHITELIST · a2ef5630
      aoh authored
      
      Add zabbix to WHITELIST to get rid of the following invalid warning e-mails:
      
      """
      
      Date: Sun, 10 Dec 2023 07:17:03 +0100 (CET)
      From: Cron Daemon <root@lysator.liu.se>
      To: root@lysator.liu.se
      Subject: Cron <root@hermod>    cd / && run-parts --report /etc/cron.hourly
      X-Original-To: root@lysator.liu.se
      
      /etc/cron.hourly/warn-invalid-from-lysator:
      There has been sent mail from the following invalid Lysator addresses.
      This could indicate that a mail account have been compromised and is
      sending spam.
      
      zabbix@lysator.liu.se
      run-parts: /etc/cron.hourly/warn-invalid-from-lysator exited with return code 1
      
      """
      
      Signed-off-by: aoh <aoh@lysator.liu.se>
      Verified
  16. Dec 05, 2023
  17. Dec 04, 2023
  18. Nov 11, 2023
  19. Nov 07, 2023
  20. Nov 06, 2023
  21. Oct 11, 2023
  22. Oct 09, 2023