The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]

Things look quiet here. But I've been doing a lot of blogging at dan.langille.org because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

unwanted email from tcpd 26 December 1999
Need more help on this topic? Click here
This article has no comments
Show me similar articles
tcpd was emailing me each time it detected something.  That's not what I want.
The problem
I had recently upgraded my system to 3.3-stable.   It was then that I started getting emails like this:
Date sent:    Sun, 26 Dec 1999 17:18:36 +1300 (NZDT)
From:         Charlie Root <root>
To:           root
Subject:      tcpd: root@dallas-r.tx.us.undernet.org[204.178.73.175] 
              tried to use telnetd  (denied)

[dallas-r.tx.us.undernet.org]

The above was Undernet checking to see if I was running an insecure proxy server (I wasn't).  But such things are already recorded in my logs and are reported to me by LogCheck.  I didn't want the email

The solution
If you look in /etc/hosts.allow, you'll find something like this:
# The rest of the daemons are protected. Backfinger and log by email.
ALL : ALL \
 : severity auth.info : spawn (/usr/bin/finger -l @%h | \
 /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
 : twist /bin/echo "You are not welcome to use %d from %h."

Just comment out these lines and the email will stop.  It will also block incoming finger requests.  The attempts will be logged into your /var/log/messages file but you should verify this by conducting a few simple tests.  Here are the lines commented out:

# The rest of the daemons are protected. Backfinger and log by email.
# ALL : ALL \
# : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
# : twist /bin/echo "You are not welcome to use %d from %h."

Or, if you were so inclined, you could do something like this:

# The rest of the daemons are protected. Backfinger and log by email.
ALL : ALL \
 : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
 : twist /bin/echo "You are not welcome to use %d from %h."

This would return a message to the user, log the attempt, but not mail you.


Share
Need more help on this topic? Click here
This article has no comments
Show me similar articles