[CLUE-Tech] maillog not receiving messages

Kevin Fenzi kevin at scrye.com
Mon Dec 15 15:31:47 MST 2003


>>>>> "Jason" == Jason Friedman <Jason.Friedman at xemkt.com> writes:

Jason> /var/log/maillog is suddenly not being updated.  The mail
Jason> server (postfix) is running and sending and receiving properly.
Jason> Other log files in /var/log are being updated fine, too.

Jason> $ grep "mail" /etc/syslog.conf | grep -v "^#"
Jason> *.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages
Jason> mail.* /var/log/maillog

I have seen compromised machines where the intruder made log files
immutable... 

lsattr /var/log/maillog

to see if it's immutable. 

It would be odd for them to just do that with the maillog tho. 

Is the maillog exceptionally large? Perhaps it's over 2GB and
something wasn't compiled with over 2GB limits for files?

Just some suggestions...

kevin
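
The two checks suggested in the reply above (immutable attribute, 2 GB size limit), combined into one script. This is an added example, not part of the original post; the function names are hypothetical, and it assumes a Linux system with `lsattr` from e2fsprogs.

```shell
#!/bin/sh
# Added example (not from the original post): test both suggestions from the
# reply against one or more log files, e.g.  sh checklog.sh /var/log/maillog

# Largest size a program built without large-file support can address: 2^31 - 1.
LIMIT=2147483647

# Read `lsattr` output on stdin and print the path of every entry whose
# attribute field contains a lowercase "i" (immutable). Uppercase "I" is a
# different attribute (indexed directory), so the match is case-sensitive.
immutable_from_lsattr() {
    while read -r attrs path; do
        case "$attrs" in
            *i*) printf '%s\n' "$path" ;;
        esac
    done
}

# Succeed when a size in bytes has reached the 2 GB limit.
at_2gb_limit() {
    [ "$1" -ge "$LIMIT" ]
}

# Report on one file; always returns 0 so it is safe under `set -e`.
check_log() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "$f: not a regular file"
        return 0
    fi
    if [ -n "$(lsattr -d -- "$f" 2>/dev/null | immutable_from_lsattr)" ]; then
        echo "$f: immutable attribute is set"
    fi
    size=$(wc -c < "$f" 2>/dev/null) || size=0
    if at_2gb_limit "${size:-0}"; then
        echo "$f: $size bytes, at or past the 2 GB limit"
    fi
    return 0
}

for f in "$@"; do
    check_log "$f"
done
```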


