unwanted email from tcpd

tcpd was emailing me each time it detected something.  That’s not what I
want.

The problem

I had recently upgraded my system to 3.3-stable. It was then that I started
getting emails like this:

Date sent:    Sun, 26 Dec 1999 17:18:36 +1300 (NZDT)
From:         Charlie Root <root>
To:           root
Subject:      tcpd: root@dallas-r.tx.us.undernet.org[204.178.73.175] 
              tried to use telnetd  (denied)

[dallas-r.tx.us.undernet.org]

The above was Undernet checking to see if I was running an insecure proxy server (I
wasn’t).  But such things are already recorded in my logs and are reported to me by
LogCheck.  I didn’t want the email.

The solution

If you look in /etc/hosts.allow, you’ll find something like this:

# The rest of the daemons are protected. Backfinger and log by email.
ALL : ALL \
 : severity auth.info : spawn (/usr/bin/finger -l @%h | \
 /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
 : twist /bin/echo "You are not welcome to use %d from %h."

Just comment out these lines and the email will stop.  It will also block incoming
finger requests.  The attempts will be logged into your /var/log/messages file but
you should verify this by conducting a few simple tests.  Here are the lines
commented out:

# The rest of the daemons are protected. Backfinger and log by email.
# ALL : ALL \
# : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
# : twist /bin/echo "You are not welcome to use %d from %h."

Or, if you were so inclined, you could do something like this:

# The rest of the daemons are protected. Log the attempt and answer the
# client, but send no mail. The spawn option is removed outright: a "#" on
# a continuation line does not start a comment, it ends up inside the rule.
ALL : ALL \
 : severity auth.info \
 : twist /bin/echo "You are not welcome to use %d from %h."

This would return a message to the user, log the attempt, but not mail you.
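
How edits like these look to a reader that joins backslash continuations before it checks for a leading "#", which is how tcp_wrappers reads hosts.allow. This is an added example, not part of the original post; the function names are made up for the illustration and the parser is a simplified model, not libwrap itself.

```python
import re

# Sample input: the rule commented out whole, and the same rule with a "#"
# put only on the continuation line that holds the mail command.
COMMENTED_OUT = r'''# ALL : ALL \
# : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
# : twist /bin/echo "You are not welcome to use %d from %h."
'''
HASH_ON_CONTINUATION = r'''ALL : ALL \
 : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
 : twist /bin/echo "You are not welcome to use %d from %h."
'''
# Constructed variant: the spawn option removed instead of half-commented.
SPAWN_REMOVED = r'''ALL : ALL \
 : severity auth.info \
 : twist /bin/echo "You are not welcome to use %d from %h."
'''

def logical_lines(text):
    """Join backslash continuations, then skip blank lines and lines starting with '#'."""
    out, buf = [], ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1]              # continuation: drop the backslash, keep reading
            continue
        buf, line = "", buf + raw        # end of a logical line: reset the buffer
        if line.strip() and not line.startswith("#"):
            out.append(line)
    return out

def parse_rule(line):
    """Split one logical line on unescaped ':' into daemons, clients and options."""
    fields = [f.replace("\\:", ":").strip() for f in re.split(r"(?<!\\):", line)]
    return {"daemons": fields[0], "clients": fields[1], "options": fields[2:]}

def audit(text):
    """Return (number of active rules, shell-command options that contain a '#')."""
    rules = [parse_rule(line) for line in logical_lines(text)]
    stray = [opt for rule in rules for opt in rule["options"]
             if opt.startswith(("spawn", "twist")) and "#" in opt]
    return len(rules), stray

if __name__ == "__main__":
    for name in ("COMMENTED_OUT", "HASH_ON_CONTINUATION", "SPAWN_REMOVED"):
        print(name, audit(globals()[name]))
```

With the rule commented out whole, no rule is left to deny the remaining daemons, and tcp_wrappers grants access when nothing in hosts.allow or hosts.deny matches. The tcpdchk and tcpdmatch tools that ship with tcp_wrappers show what the real library does with your file.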
