Logs and how to read them

Mike Rambour mikey at b2systems.com
Wed Apr 21 20:07:26 UTC 2004


    I am a complete newbie here, and my ISP is saying they received a complaint 
about SPAM being sent from my machine; they claim it's my IP that sent it 
(fixed IP, not DHCP).

   I have checked, and I have relaying turned off and only 6 valid users on 
the machine; I forced a password change for all accounts.  I also used 
Abuse.Net's relay test to make sure I was not allowing relays. I have no 
idea how that SPAM got out.  Since this machine is a firewall for our 
office, I tested all internal machines for viruses/worms/etc. with the latest 
tools.

  So, in the process I looked at all my logs in /var/log.  I specifically 
grep'd for the email address that the spam was sent as and to, and found no 
references to it in my logs, implying it was not my machine.  But I found 
other things that I don't know how to read.

   I googled and found no place for a "how to read logs and what they 
mean".  In /var/log/messages, I googled for "lame servers" and found that 
is OK, along with a few other items.

  In maillog, however, I see very few "Relaying denied" messages (I expected 
more of them) and a lot of "lost input" messages that, from googling, appear 
to be a spammer that got blocked, and that's OK (is that true?).  In every case 
where there was a "lost input" I could find 2 lines, one for the "from" and one 
for "lost input", with the matching "sendmail[xxxx]" number.

   But lines like the 2 below did NOT have matching lines. Does this mean 
they got sent?  Relayed through my machine somehow?  I could not find a fail 
or sent line for many lines like the ones below.

Apr 21 12:25:00 mail sendmail[1067]: MAA01067: from=<postmaster at hoteiscontinental.com.br>, size=1657, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[200.213.72.130]
Apr 21 12:29:03 mail sendmail[1214]: MAA01214: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=fw1-81-80-126-2.bplc.fr [81.80.126.2]

   Where do I learn to read the various logs on Fedora/Linux?  If I missed 
a google, what should I have googled for?

	mike
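The question above is really "which sendmail queue IDs ended in a delivery, and which never had a recipient accepted?" The script below is an added example, not code from the original post or from the Fedora list: it groups maillog records by sendmail queue ID (the MAAnnnnn token, which is the reliable join key since a later queue run can deliver from a different process than the one that logged the from= line), parses the key=value fields, classifies each message, and then goes one step beyond the post by listing messages where a non-local sender was delivered to a non-local recipient, the trace an open relay leaves. The log lines are constructed in the shape of the post's excerpts with RFC 5737 documentation addresses and example domains; the local_domains set is an assumed parameter.

```python
"""Group sendmail maillog records by queue ID and report what happened to each.
Added illustration; SAMPLE_LOG is constructed, not real server data."""
import re
from collections import defaultdict

# Constructed sample in the shape of the post's excerpts (hostname "mail",
# old-style MAAnnnnn queue IDs).  Addresses and domains are documentation values.
SAMPLE_LOG = """\
Apr 21 12:25:00 mail sendmail[1067]: MAA01067: from=<postmaster@example.com.br>, size=1657, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=[192.0.2.10]
Apr 21 12:26:10 mail sendmail[1101]: MAA01101: ruleset=check_rcpt, arg1=<victim@example.net>, relay=[192.0.2.11], reject=550 5.7.1 <victim@example.net>... Relaying denied
Apr 21 12:27:40 mail sendmail[1150]: MAA01150: from=<spammer@example.org>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=[192.0.2.12]
Apr 21 12:27:41 mail sendmail[1150]: MAA01150: lost input channel from [192.0.2.12] to MTA after rcpt
Apr 21 12:29:03 mail sendmail[1214]: MAA01214: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=fw1.example.fr [198.51.100.2]
Apr 21 12:30:15 mail sendmail[1300]: MAA01300: from=<alice@b2systems.example>, size=2048, class=0, pri=32048, nrcpts=1, proto=ESMTP, relay=ws1.internal [10.0.0.5]
Apr 21 12:30:16 mail sendmail[1301]: MAA01300: to=<bob@example.net>, ctladdr=<alice@b2systems.example> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32048, relay=mx.example.net. [203.0.113.7], dsn=2.0.0, stat=Sent (OK)
Apr 21 12:31:00 mail sendmail[1400]: MAA01400: from=<bulk@example.org>, size=9000, class=0, pri=39000, nrcpts=2, proto=SMTP, relay=[192.0.2.13]
Apr 21 12:31:02 mail sendmail[1401]: MAA01400: to=<x@example.net>,<y@example.net>, ctladdr=<bulk@example.org> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=39000, relay=mx.example.net. [203.0.113.7], dsn=2.0.0, stat=Sent (OK)
"""

# syslog timestamp, host, "sendmail[pid]: QUEUEID: rest"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sendmail\[(?P<pid>\d+)\]: "
    r"(?P<qid>\w+): (?P<rest>.*)$")


def parse_fields(rest):
    """Turn 'from=<a>, size=1, ..., stat=Sent (x, y)' into a dict.
    stat= is sendmail's last field and may itself contain commas, so split it off first."""
    fields = {}
    head, sep, stat = rest.partition(", stat=")
    if sep:
        fields["stat"] = stat
    # values are either one or more <angle-bracketed> addresses or run to the next comma
    for key, value in re.findall(r"(\w+)=(<[^>]*>(?:,<[^>]*>)*|[^,]*)", head):
        fields[key] = value
    return fields


def summarize(log_text):
    """Return {queue_id: record}; join key is the queue ID, not the PID."""
    msgs = defaultdict(lambda: {"from": None, "nrcpts": None, "relay": None,
                                "to": [], "stat": [], "rejects": [], "lost_input": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-message sendmail record
        rec, rest = msgs[m["qid"]], m["rest"]
        if "lost input channel" in rest:
            rec["lost_input"] = True  # client dropped the connection mid-session
            continue
        f = parse_fields(rest)
        if "from" in f:  # envelope line: nrcpts = recipients accepted at RCPT time
            rec["from"], rec["relay"] = f["from"], f.get("relay")
            rec["nrcpts"] = int(f.get("nrcpts", "0"))
        if "to" in f:    # delivery attempt: one line per mailer/host batch
            rec["to"].extend(re.findall(r"<([^>]*)>", f["to"]))
            rec["stat"].append(f.get("stat", ""))
        if "reject" in f:
            rec["rejects"].append(f["reject"])
    return dict(msgs)


def classify(rec):
    if rec["rejects"]:
        return "rejected"             # e.g. Relaying denied from check_rcpt
    if rec["lost_input"]:
        return "lost input channel"   # never fully submitted, nothing to deliver
    if rec["to"] and any(s.startswith("Sent") for s in rec["stat"]):
        return "delivered"
    if rec["from"] is not None and rec["nrcpts"] == 0 and not rec["to"]:
        return "no recipients accepted"  # a from= line alone with nrcpts=0
    return "incomplete"               # no final stat= in this excerpt


def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def relayed_for_third_parties(msgs, local_domains):
    """Queue IDs where a non-local sender was delivered to a non-local recipient.
    local_domains (assumed parameter) is the set of domains this host serves.
    Null-sender bounces (from=<>) to outside addresses show up here too; review them."""
    local = {d.lower() for d in local_domains}
    hits = []
    for qid, rec in sorted(msgs.items()):
        if classify(rec) != "delivered":
            continue
        sender = (rec["from"] or "").strip("<>")
        if domain(sender) not in local and any(domain(r) not in local for r in rec["to"]):
            hits.append(qid)
    return hits


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for qid, rec in sorted(summary.items()):
        print(f"{qid}: {classify(rec):24} from={rec['from']} nrcpts={rec['nrcpts']} to={rec['to']}")
    print("relayed for third parties:", relayed_for_third_parties(summary, {"b2systems.example"}))
```

Run it against a real /var/log/maillog by replacing SAMPLE_LOG with the file contents and local_domains with the domains the box actually accepts mail for; anything in the "relayed for third parties" list, or any "delivered" message whose ctladdr is not a local user, is what an abuse complaint would be built from. A from= line with nrcpts=0 and no to= line means no RCPT was accepted for that envelope, so there was nothing for sendmail to deliver.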
