[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SMTP problem.



* Lars Roland Kristiansen (m00lrk@math.ku.dk) [020723 00:37]:
> Hi debian security geeks.
> 
> I have a woody box running as a mail gateway with postfix (popbeforesmtp
> and local relay for 192.168.2.1) and pop3 (soon to be imap just need
> outlook 2002 in the company as it supports multiple imap and pop3
> accounts). My problem is that my log seem to be running full of strange
> messages like these.
> 
> Jul 23 06:17:53 mail postfix/smtpd[5472]: connect from
> unknown[192.168.2.1]
> Jul 23 06:17:56 mail postfix/smtpd[5472]: disconnect from
> unknown[192.168.2.1]
> Jul 23 06:17:58 mail postfix/smtpd[5468]: connect from
> unknown[192.168.2.1]
> Jul 23 06:17:59 mail postfix/smtpd[5468]: disconnect from
> unknown[192.168.2.1]
> 
> 
> I dont realy see why this is there it seams to come there in about 2-3
> sec. How do i track this down - i have a firewall in front of it and it is
> also running iptables - so it should be pretty secure but this should not
> be there should it ???.

This doesn't look particularly harmful, but if it is the "unknown" part
that is scaring you, try adding an entry for 192.168.2.1 in /etc/hosts.
Other than that, it just looks like that host is making an smtp
connection and then later disconnecting. This will happen each time it
relays a message through you, and is nothing to be alarmed about (unless
you don't intend to be accepting mail from this host, but as I
understood your setup, that's exactly what you intend to be doing).

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"Computer Science is no more about computers
than astronomy is about telescopes."  -- E.W. Dijkstra

Attachment: pgpXSL3jh7YmP.pgp
Description: PGP signature


Reply to: