* Lars Roland Kristiansen (m00lrk@math.ku.dk) [020723 00:37]:
> Hi Debian security geeks.
>
> I have a woody box running as a mail gateway with postfix (popbeforesmtp
> and local relay for 192.168.2.1) and pop3 (soon to be imap, just need
> outlook 2002 in the company as it supports multiple imap and pop3
> accounts). My problem is that my log seems to be running full of strange
> messages like these.
>
> Jul 23 06:17:53 mail postfix/smtpd[5472]: connect from unknown[192.168.2.1]
> Jul 23 06:17:56 mail postfix/smtpd[5472]: disconnect from unknown[192.168.2.1]
> Jul 23 06:17:58 mail postfix/smtpd[5468]: connect from unknown[192.168.2.1]
> Jul 23 06:17:59 mail postfix/smtpd[5468]: disconnect from unknown[192.168.2.1]
>
> I don't really see why this is there, it seems to come there in about 2-3
> sec. How do I track this down - I have a firewall in front of it and it is
> also running iptables - so it should be pretty secure but this should not
> be there should it ???.

This doesn't look particularly harmful, but if it is the "unknown" part
that is scaring you, try adding an entry for 192.168.2.1 in /etc/hosts.

Other than that, it just looks like that host is making an SMTP
connection and then later disconnecting. This will happen each time it
relays a message through you, and is nothing to be alarmed about (unless
you don't intend to be accepting mail from this host, but as I understood
your setup, that's exactly what you intend to be doing).

good times,
Vineet
-- 
http://www.doorstop.net/
--
"Computer Science is no more about computers than astronomy is about
telescopes." -- E.W. Dijkstra
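Added example, not part of the original thread: a small Python script that pairs the smtpd connect/disconnect lines quoted above by PID and client address, so each client's session count, session lengths and logged hostname can be checked at a glance. The function name `summarize_sessions` and the `year` parameter are assumptions of this example; syslog timestamps carry no year, so one has to be supplied.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four log lines quoted in the message above (taken from the thread).
SAMPLE_LOG = """\
Jul 23 06:17:53 mail postfix/smtpd[5472]: connect from unknown[192.168.2.1]
Jul 23 06:17:56 mail postfix/smtpd[5472]: disconnect from unknown[192.168.2.1]
Jul 23 06:17:58 mail postfix/smtpd[5468]: connect from unknown[192.168.2.1]
Jul 23 06:17:59 mail postfix/smtpd[5468]: disconnect from unknown[192.168.2.1]
"""

# Timestamp, smtpd PID, event type, logged client name and client address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<event>connect|disconnect) from (?P<name>[^\[\s]+)\[(?P<ip>[^\]]+)\]"
)

def summarize_sessions(log_text, year=2002):
    """Pair connect/disconnect lines by (PID, client IP); return per-IP stats."""
    open_sessions = {}
    stats = defaultdict(lambda: {"sessions": 0, "seconds": [], "names": set(), "unpaired": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog omits the year, so the caller's assumed year is prepended.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["pid"], m["ip"])
        entry = stats[m["ip"]]
        entry["names"].add(m["name"])
        if m["event"] == "connect":
            if key in open_sessions:  # previous connect never saw a disconnect
                entry["unpaired"] += 1
            open_sessions[key] = ts
            continue
        start = open_sessions.pop(key, None)
        if start is None:  # disconnect whose connect is outside this log slice
            entry["unpaired"] += 1
        else:
            entry["sessions"] += 1
            entry["seconds"].append((ts - start).total_seconds())
    for (_pid, ip) in open_sessions:  # connects still open at end of log
        stats[ip]["unpaired"] += 1
    return dict(stats)

if __name__ == "__main__":
    for ip, s in summarize_sessions(SAMPLE_LOG).items():
        print(ip, s["sessions"], "sessions", s["seconds"], sorted(s["names"]), "unpaired:", s["unpaired"])
```

A client whose only logged name is `unknown` is one Postfix could not resolve to a hostname, which is what the /etc/hosts suggestion above addresses.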