Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

root@cp getting too much mail (by the min.) having this content

Discussion in 'E-mail Discussion' started by hariskhan, Apr 5, 2006.

  1. hariskhan

    hariskhan Well-Known Member

    Joined:
    Apr 15, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    166
    Hello,

    My default system account root@hostname is getting too much mail (which I'm re-directing to another mail account atm.).

    Following are the contents of the mail I get every minute;
    ===========================================

    Charlie Root <root@cp.ids-worldwide.com>
    More options 6:45 pm (5 hours ago)


    Security Violations
    =-=-=-=-=-=-=-=-=-=
    Apr 5 09:36:55 cp spamd[698]: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.cp.ids-worldwide.com.698 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Apr 5 09:36:55 cp spamd[698]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.cp.ids-worldwide.com.698 for /root/.spamassassin/auto-whitelist.lock: Permission denied

    Unusual System Events
    =-=-=-=-=-=-=-=-=-=-=
    Apr 5 09:36:53 cp kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:53284 flags:0x02
    Apr 5 09:36:55 cp imapd: LOGOUT, ip=[::ffff:127.0.0.1], rcvd=13, sent=309
    Apr 5 09:36:55 cp pop3d: LOGOUT, ip=[::ffff:127.0.0.1]
    Apr 5 09:36:55 cp spamd[698]: spamd: connection from localhost [127.0.0.1] at port 58494
    Apr 5 09:36:55 cp spamd[698]: spamd: setuid to root succeeded
    Apr 5 09:36:55 cp spamd[698]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at /usr/bin/spamd line 1152, <GEN67> line 4.
    Apr 5 09:36:55 cp spamd[698]: spamd: processing message <GTUBE1.1010101@example.net> for root:65534
    Apr 5 09:36:55 cp spamd[698]: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.cp.ids-worldwide.com.698 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Apr 5 09:36:55 cp spamd[698]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.cp.ids-worldwide.com.698 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Apr 5 09:36:55 cp spamd[698]: spamd: identified spam (1000.0/5.0) for root:65534 in 0.1 seconds, 834 bytes.
    Apr 5 09:36:55 cp spamd[698]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS scantime=0.1,size=834,user=root,uid=65534,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=58494,mid=<GTUBE1.1010101@example.net>,autolearn=no
    Apr 5 09:36:55 cp spamd[485]: prefork: child states: II
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Well, that's logcheck which is a 3rd party application which is under your control. Sounds like you've set it up to run too frequently.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. asterisk

    asterisk Well-Known Member

    Joined:
    Nov 11, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    156
    Also, I understand you can tune down the alerts from Logcheck to filter out the warnings that don't really matter in their ignore files.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Yup. Depends on how you installed it, but the Mandrake rpms put the ignore and main regex files in /etc/logcheck/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. hariskhan

    hariskhan Well-Known Member

    Joined:
    Apr 15, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    166
    Why have I missed cpanel's defaults in my cpanel install? *laugh*

    Hello,

    Its set to run every 15mins.

    I feel like having a non-default, non-out of the box cpanel on my fbsd boxes *laugh*

    What's the default value that cpanel puts it to? I think logcheck usually runs 1 time in 24 hrs i.e.,

    It runs once at 0000 hrs every day, right?
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    cPanel doesn't install or use logcheck, so there is no default.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice