'Re: [psad-discuss] help with psad'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       psad-discuss
Subject:    Re: [psad-discuss] help with psad
From:       Michael Rash <mbr () cipherdyne ! org>
Date:       2014-05-30 13:07:12
Message-ID: CABv+sEdo7tzjKkokzX1cSrVUtehjWngspYoMbQsYTzv6AJ0RnA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


On Fri, May 30, 2014 at 5:50 AM, Ari Constancio <ari.constancio@gmail.com>
wrote:

> On Fri, May 30, 2014 at 10:46 AM, hernani <coelho.hernani@sapo.pt> wrote:
> >
> > Em 29-05-2014 08:44, hernani escreveu:
> >> hello,
> >>
> >> now when i make this command ---> sudo /etc/init.d/psad start
> >>
> >> give me this error ----> Starting psad: mail: RCPT TO:<[psad-status]
> >> firewall setup warning on hernani!@sapo.pt> (553 we don't relay
> (#5.7.1))
> >> [*] Another /usr/sbin/psad process is already running, exiting. at
> >> /usr/sbin/psad line 10741.
> >>
> > now when i make this command --->
> >   sudo /etc/init.d/psad restart
> >
> >
> > [sudo] password for hernani:
> >   * Stopping the psadwatchd process
> >   * Stopping the kmsgsd process
> >   * Stopping the psad process
> >   * Stopping Port Scan Attack Detector psad                            =
[
> > OK ]
> >
> >
> >   give me this error---->
> >
> > mail: 554 do not accept sender without TLD (#5.1.7)
> >
> >
> >   * Starting Port Scan Attack Detector
> > psad                               [ OK ]
> > now give me this
>
> It seems you have problems with your MTA setup, which psad uses to send
> alerts.
> Maybe Michael can clarify this.
>

Yes, indeed that appears to the problem.  Hernani, you will need to review
your MTA configuration.  Given the error, you may be able to fix this just
by including a proper email address in /etc/psad/psad.conf.  In particular,
the default EMAIL_ADDRESSES variable is just "root@locahost", so I would
try putting an email with a top level domain like you@domain.com and then
restarting psad.

Thanks,

--Mike




>
> Regards,
> --
> Ari Const=C3=A2ncio
> GPG Fingerprint: C7DA F3CC 0AC6 D8B8 AC91 1FE2 DDA7 EAF5 F61E F16C
>
>

[Attachment #5 (text/html)]

<div dir="ltr"><br><div class="gmail_extra">On Fri, May 30, 2014 at 5:50 AM, Ari \
Constancio <span dir="ltr">&lt;<a href="mailto:ari.constancio@gmail.com" \
target="_blank">ari.constancio@gmail.com</a>&gt;</span> wrote:<br><div \
class="gmail_quote"> <blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div \
class="h5">On Fri, May 30, 2014 at 10:46 AM, hernani &lt;<a \
href="mailto:coelho.hernani@sapo.pt">coelho.hernani@sapo.pt</a>&gt; wrote:<br>

&gt;<br>
&gt; Em 29-05-2014 08:44, hernani escreveu:<br>
&gt;&gt; hello,<br>
&gt;&gt;<br>
&gt;&gt; now when i make this command ---&gt; sudo /etc/init.d/psad start<br>
&gt;&gt;<br>
&gt;&gt; give me this error ----&gt; Starting psad: mail: RCPT \
TO:&lt;[psad-status]<br> &gt;&gt; firewall setup warning on hernani!@<a \
href="http://sapo.pt" target="_blank">sapo.pt</a>&gt; (553 we don&#39;t relay \
(#5.7.1))<br> &gt;&gt; [*] Another /usr/sbin/psad process is already running, \
exiting. at<br> &gt;&gt; /usr/sbin/psad line 10741.<br>
&gt;&gt;<br>
&gt; now when i make this command ---&gt;<br>
&gt;    sudo /etc/init.d/psad restart<br>
&gt;<br>
&gt;<br>
&gt; [sudo] password for hernani:<br>
&gt;    * Stopping the psadwatchd process<br>
&gt;    * Stopping the kmsgsd process<br>
&gt;    * Stopping the psad process<br>
&gt;    * Stopping Port Scan Attack Detector psad                                     \
[<br> &gt; OK ]<br>
&gt;<br>
&gt;<br>
&gt;    give me this error----&gt;<br>
&gt;<br>
&gt; mail: 554 do not accept sender without TLD (#5.1.7)<br>
&gt;<br>
&gt;<br>
&gt;    * Starting Port Scan Attack Detector<br>
&gt; psad                                              [ OK ]<br>
&gt; now give me this<br>
<br>
</div></div>It seems you have problems with your MTA setup, which psad uses to send \
alerts.<br> Maybe Michael can clarify this.<br></blockquote><div><br></div><div>Yes, \
indeed that appears to the problem.   Hernani, you will need to review your MTA \
configuration.   Given the error, you may be able to fix this just by including a \
proper email address in /etc/psad/psad.conf.   In particular, the default \
EMAIL_ADDRESSES variable is just &quot;root@locahost&quot;, so I would try putting an \
email with a top level domain like <a href="mailto:you@domain.com">you@domain.com</a> \
and then restarting psad.</div> \
<div><br></div><div>Thanks,</div><div><br></div><div>--Mike</div><div><br></div><div><br></div><div> \
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> <br>
Regards,<br>
<span class="HOEnZb"><font color="#888888">--<br>
Ari Constâncio<br>
GPG Fingerprint: C7DA F3CC 0AC6 D8B8 AC91 1FE2 DDA7 EAF5 F61E F16C<br>
</font></span><div class="HOEnZb"><div \
class="h5"><br></div></div></blockquote></div><div dir="ltr"><br></div> </div></div>



------------------------------------------------------------------------------
Time is money. Stop wasting it! Get your web API in 5 minutes.
www.restlet.com/download
http://p.sf.net/sfu/restlet

_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic