The FreeBSD Diary

unwanted email from tcpd 26 December 1999
tcpd was emailing me each time it detected something.  That's not what I want.
The problem
I had recently upgraded my system to 3.3-stable.   It was then that I started getting emails like this:
Date sent:    Sun, 26 Dec 1999 17:18:36 +1300 (NZDT)
From:         Charlie Root <root>
To:           root
Subject:      tcpd: root@dallas-r.tx.us.undernet.org[204.178.73.175] 
              tried to use telnetd  (denied)

[dallas-r.tx.us.undernet.org]

The above was Undernet checking to see if I was running an insecure proxy server (I wasn't).  But such things are already recorded in my logs and are reported to me by LogCheck.  I didn't want the email.

The solution
If you look in /etc/hosts.allow, you'll find something like this:
# The rest of the daemons are protected. Backfinger and log by email.
ALL : ALL \
 : severity auth.info : spawn (/usr/bin/finger -l @%h | \
 /usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
 : twist /bin/echo "You are not welcome to use %d from %h."

Just comment out these lines and the email will stop.  It will also block incoming finger requests.  The attempts will be logged into your /var/log/messages file but you should verify this by conducting a few simple tests.  Here are the lines commented out:

# The rest of the daemons are protected. Backfinger and log by email.
# ALL : ALL \
# : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
# : twist /bin/echo "You are not welcome to use %d from %h."

Or, if you were so inclined, you could do something like this:

# The rest of the daemons are protected. Backfinger and log by email.
ALL : ALL \
 : severity auth.info : spawn (/usr/bin/finger -l @%h | \
#/usr/bin/mail -s "tcpd\: %u@%h[%a] tried to use %d (denied)" root) & \
 : twist /bin/echo "You are not welcome to use %d from %h."

This would return a message to the user, log the attempt, but not mail you.
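
One way to run the "few simple tests" against the file itself, as an added example that is not part of the original article: the hypothetical helper audit_catchall reports whether the catch-all ALL : ALL rule is still active, still refuses (twist or deny), and still pipes to mail. This matters because hosts_access(5) grants any connection that no rule matches, so a fully commented-out catch-all refuses nothing by itself; the sample rule without the spawn option is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit the catch-all rule of a
# hosts.allow-style file. Per hosts_access(5), backslash-newline joins lines
# and a joined line starting with '#' is ignored.

# Prints "active=<yes|no> deny=<yes|no> mail=<yes|no>" for the ALL : ALL rule.
audit_catchall() {
    awk '
    function check(rule,   f) {
        if (rule ~ /^#/ || rule ~ /^[ \t]*$/) return      # comment or blank
        split(rule, f, ":")
        gsub(/[ \t]/, "", f[1]); gsub(/[ \t]/, "", f[2])
        if (f[1] != "ALL" || f[2] != "ALL") return        # not the catch-all
        active = "yes"
        if (rule ~ /:[ \t]*(twist|deny)([ \t]|$)/) deny = "yes"
        if (rule ~ /spawn[^:]*\/mail /) mail = "yes"
    }
    BEGIN { active = deny = mail = "no" }
    { line = buf $0 }
    /\\$/ { buf = substr(line, 1, length(line) - 1); next }  # continued
    { buf = ""; check(line) }
    END {
        if (buf != "") check(buf)
        printf "active=%s deny=%s mail=%s\n", active, deny, mail
    }' "$1"
}

# Constructed sample: the rule above with the spawn option removed, so the
# connection is still logged and refused but no mail is generated.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# The rest of the daemons are protected. Log and refuse, no mail.
ALL : ALL \
 : severity auth.info \
 : twist /bin/echo "You are not welcome to use %d from %h."
EOF
audit_catchall "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/hosts.allow after each edit; active=no means the catch-all no longer matches anything, so confirm that another rule or your firewall still refuses the services you meant to protect.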

