The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

root@cp getting too much mail (by the min.) having this content

Discussion in 'E-mail Discussions' started by hariskhan, Apr 5, 2006.

  1. hariskhan

    hariskhan Well-Known Member

    Joined:
    Apr 15, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    My default system account root@hostname is getting too much mail (which I'm re-directing to another mail account atm.).

    Following are the contents of the mail I get every minute;
    ===========================================

    Charlie Root <root@cp.ids-worldwide.com>
    More options 6:45 pm (5 hours ago)


    Security Violations
    =-=-=-=-=-=-=-=-=-=
    Apr 5 09:36:55 cp spamd[698]: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.cp.ids-worldwide.com.698 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Apr 5 09:36:55 cp spamd[698]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.cp.ids-worldwide.com.698 for /root/.spamassassin/auto-whitelist.lock: Permission denied

    Unusual System Events
    =-=-=-=-=-=-=-=-=-=-=
    Apr 5 09:36:53 cp kernel: Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:53284 flags:0x02
    Apr 5 09:36:55 cp imapd: LOGOUT, ip=[::ffff:127.0.0.1], rcvd=13, sent=309
    Apr 5 09:36:55 cp pop3d: LOGOUT, ip=[::ffff:127.0.0.1]
    Apr 5 09:36:55 cp spamd[698]: spamd: connection from localhost [127.0.0.1] at port 58494
    Apr 5 09:36:55 cp spamd[698]: spamd: setuid to root succeeded
    Apr 5 09:36:55 cp spamd[698]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at /usr/bin/spamd line 1152, <GEN67> line 4.
    Apr 5 09:36:55 cp spamd[698]: spamd: processing message <GTUBE1.1010101@example.net> for root:65534
    Apr 5 09:36:55 cp spamd[698]: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.cp.ids-worldwide.com.698 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Apr 5 09:36:55 cp spamd[698]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.cp.ids-worldwide.com.698 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Apr 5 09:36:55 cp spamd[698]: spamd: identified spam (1000.0/5.0) for root:65534 in 0.1 seconds, 834 bytes.
    Apr 5 09:36:55 cp spamd[698]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS scantime=0.1,size=834,user=root,uid=65534,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=58494,mid=<GTUBE1.1010101@example.net>,autolearn=no
    Apr 5 09:36:55 cp spamd[485]: prefork: child states: II
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Well, that's logcheck which is a 3rd party application which is under your control. Sounds like you've set it up to run too frequently.
     
  3. asterisk

    asterisk Well-Known Member

    Joined:
    Nov 11, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Also, I understand you can tune down the alerts from Logcheck to filter out the warnings that don't really matter in their ignore files.
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yup. Depends on how you installed it, but the Mandrake rpms put the ignore and main regex files in /etc/logcheck/
     
  5. hariskhan

    hariskhan Well-Known Member

    Joined:
    Apr 15, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Why have I missed cpanel's defaults in my cpanel install? *laugh*

    Hello,

    Its set to run every 15mins.

    I feel like having a non-default, non-out of the box cpanel on my fbsd boxes *laugh*

    What's the default value that cpanel puts it to? I think logcheck usually runs 1 time in 24 hrs i.e.,

    It runs once at 0000 hrs every day, right?
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    cPanel doesn't install or use logcheck, so there is no default.
     
Loading...

Share This Page