BFD and EXIM

[rohit]

I was just going through the BFD rules directory

/usr/local/bfd/rules

and found that for exim the log processor is set to

LP="/var/log/exim_mainlog"

shouldn't that be

LP="/var/log/exim/mainlog"

Any ideas? I am not sure if BFD was ever checking the exim logs for brute force attacks

Also the rules for rh_pop3 and rh_imap are checking /var/log/messages file for processing? Shuldn't that be /var/log/maillog

Thanks in advance

 

[rohit]

Anyone?

I am running RHEL

I think on BSD/centos boxes the log file for exim is /var/log/exim_mainlog

 

[rohit]

any redhat users, who came across this issues and what did you do to fix it?

could you please check that what is the value of LP been set in your installation of BFD for exim and rh_pop3 and rh_imap rules under /usr/local/bfd/rules directory.

Thanks

 

[nobaloney]

for exim the log processor is set to

LP="/var/log/exim_mainlog"

shouldn't that be

LP="/var/log/exim/mainlog"

Yes, change it.

Jeff

 

[rohit]

Thanks jeff,

Shuld that be the case for rh_pop3 and rh_imap as well?

Also the rules for rh_pop3 and rh_imap are checking /var/log/messages file for processing? Shuldn't that be /var/log/maillog

 

[nobaloney]

Again yes. Since APF+BFD are not a DirectAdmin specific program the default locations may be completely wrong; you should check them all.

Jeff