unwanted email from tcpd
tcpd was emailing me each time it detected something. That’s not what I
want.
The problem
I had recently upgraded my system to 3.3-stable.
It was then that I started getting emails like this:
Date sent: Sun, 26 Dec 1999 17:18:36 +1300 (NZDT)
From: Charlie Root <root>
To: root
Subject: tcpd: root@dallas-r.tx.us.undernet.org[204.178.73.175] tried to use telnetd (denied)

[dallas-r.tx.us.undernet.org]
The above was Undernet checking to see if I was running an insecure proxy server (I
wasn’t). But such things are already recorded in my logs and are reported to me by LogCheck. I didn’t want the email.
The solution
If you look in /etc/hosts.allow, you’ll find something like this:
# The rest of the daemons are protected. Backfinger and log by email.
ALL : ALL \
: severity auth.info : spawn (/usr/bin/finger -l @%h | \
/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
: twist /bin/echo "You are not welcome to use %d from %h."
Just comment out these lines and the email will stop. It will also block incoming
finger requests. The attempts will be logged into your /var/log/messages file but
you should verify this by conducting a few simple tests. Here are the lines
commented out:
# The rest of the daemons are protected. Backfinger and log by email.
# ALL : ALL \
# : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
# : twist /bin/echo "You are not welcome to use %d from %h."
Or, if you were so inclined, you could do something like this:
# The rest of the daemons are protected. Backfinger and log by email.
ALL : ALL \
: severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
: twist /bin/echo "You are not welcome to use %d from %h."
This would return a message to the user, log the attempt, but not mail you.
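
One way to do the "few simple tests" on the edited file before relying on it. This is an added example, not part of the original article: it prints each hosts.allow rule the way hosts_access(5) says it is read (a backslash-newline is joined first, then blank lines and lines beginning with # are ignored), counts active rules that still name a mail program, and checks whether an ALL : ALL rule ending in twist or deny is still active. The function names and the sample text (constructed from the excerpts above) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. The sample rules are
# constructed from the article's hosts.allow excerpts.

# Print each rule as hosts_access(5) describes it being read: backslash-newline
# is joined first, then blank lines and lines starting with '#' are skipped.
active_rules() {
    awk '{
        if ($0 ~ /\\$/) { buf = buf substr($0, 1, length($0) - 1); next }
        buf = buf $0
        if (buf !~ /^#/ && buf !~ /^[ \t\r]*$/) print buf
        buf = ""
    }' "$1"
}

# Count active rules whose spawn command still names a mail program.
mail_rule_count() { active_rules "$1" | grep -c 'spawn.*mail' || true; }

# Succeed if an active "ALL : ALL" rule still ends in twist or deny.
has_catchall_deny() {
    active_rules "$1" | grep -E \
        '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*:.*(twist|deny)' >/dev/null
}

# Constructed sample: the catch-all rule with every line commented out.
sample_commented() {
    cat <<'EOF'
# The rest of the daemons are protected. Backfinger and log by email.
# ALL : ALL \
# : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
# : twist /bin/echo "You are not welcome to use %d from %h."
EOF
}

# Constructed sample: only the mail line keeps its leading '#'.
sample_partial() { sample_commented | sed -e '2,3s/^# //' -e '5s/^# //'; }

report() {   # usage: report FILE
    echo "active rules: $(active_rules "$1" | wc -l | tr -d ' ')"
    echo "rules naming mail: $(mail_rule_count "$1")"
    has_catchall_deny "$1" && echo "catch-all deny: yes" || echo "catch-all deny: no"
}

tmp=$(mktemp) && sample_partial > "$tmp" && report "$tmp"; rm -f "$tmp"
```

Run report against a copy of /etc/hosts.allow after editing. When no rule in hosts.allow or hosts.deny matches a connection, hosts_access(5) grants access, so a "catch-all deny: no" result deserves a second look.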