I have installed an centos machine running zimbra with apf firewall. I only have a few ports open to the outside such as 25,443,110 etc. I have installed ossec to keep an eye on this but every no then I get a message which gets emailed to my phone about 12 times. I don't mind the odd 1 but I want to stop this.
I enclose the ossec email below and the ip address does change so not the same 1. I just need to know how I can sort the issue.
OSSEC HIDS Notification.
2010 Jul 29 13:02:57
Received From: mail->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Jul 29 13:02:54 mail named: connection refused resolving '1004web.com/NS/IN': 18.104.22.168#53
--END OF NOTIFICATION