I was just going through the BFD rules directory

/usr/local/bfd/rules

and found that for exim the log processor is set to

LP="/var/log/exim_mainlog"

shouldn't that be

LP="/var/log/exim/mainlog"

Any ideas? I am not sure if BFD was ever checking the exim logs for brute force attacks

Also the rules for rh_pop3 and rh_imap are checking /var/log/messages file for processing? Shuldn't that be /var/log/maillog

Thanks in advance

Anyone?

I am running RHEL

I think on BSD/centos boxes the log file for exim is /var/log/exim_mainlog

any redhat users, who came across this issues and what did you do to fix it?

could you please check that what is the value of LP been set in your installation of BFD for exim and rh_pop3 and rh_imap rules under /usr/local/bfd/rules directory.

Thanks

for exim the log processor is set to

LP="/var/log/exim_mainlog"

shouldn't that be

LP="/var/log/exim/mainlog"
Yes, change it.

Jeff

Thanks jeff,

Shuld that be the case for rh_pop3 and rh_imap as well?


Also the rules for rh_pop3 and rh_imap are checking /var/log/messages file for processing? Shuldn't that be /var/log/maillog

Again yes. Since APF+BFD are not a DirectAdmin specific program the default locations may be completely wrong; you should check them all.

Jeff