Re: SMTP problem.



On Tue, 23 Jul 2002, Vineet Kumar wrote:

> * Lars Roland Kristiansen (m00lrk@math.ku.dk) [020723 00:37]:
> > Hi debian security geeks.
> > 
> > I have a woody box running as a mail gateway with postfix (popbeforesmtp
> > and local relay for 192.168.2.1) and pop3 (soon to be imap just need
> > outlook 2002 in the company as it supports multiple imap and pop3
> > accounts). My problem is that my log seems to be running full of strange
> > messages like these.
> > 
> > Jul 23 06:17:53 mail postfix/smtpd[5472]: connect from
> > unknown[192.168.2.1]
> > Jul 23 06:17:56 mail postfix/smtpd[5472]: disconnect from
> > unknown[192.168.2.1]
> > Jul 23 06:17:58 mail postfix/smtpd[5468]: connect from
> > unknown[192.168.2.1]
> > Jul 23 06:17:59 mail postfix/smtpd[5468]: disconnect from
> > unknown[192.168.2.1]
> > 
> > 
> > I don't really see why this is there; it seems to come there in about 2-3
> > sec. How do I track this down - I have a firewall in front of it and it is
> > also running iptables - so it should be pretty secure but this should not
> > be there, should it?
> 
> This doesn't look particularly harmful, but if it is the "unknown" part
> that is scaring you, try adding an entry for 192.168.2.1 in /etc/hosts.
> Other than that, it just looks like that host is making an smtp
> connection and then later disconnecting. This will happen each time it
> relays a message through you, and is nothing to be alarmed about (unless
> you don't intend to be accepting mail from this host, but as I
> understood your setup, that's exactly what you intend to be doing).

Well, maybe you are right; it is only a little strange that when it relays a
mail it says something like this.

Jul 23 10:10:12 mail postfix/cleanup[7634]: 1B8CC43C024: message-id=<C093ADA63B306349A0FF08A6619DA67407BE38@travisexch.travis.com>
Jul 23 10:10:12 mail postfix/qmgr[284]: 1B8CC43C024: from=<lroland@travis.com>, size=794, nrcpt=1 (queue active)
Jul 23 10:10:12 mail postfix/smtpd[7633]: disconnect from unknown[192.168.2.1]
Jul 23 10:10:13 mail postfix/smtp[7636]: 1B8CC43C024: to=<m00lrk@math.ku.dk>, relay=imf.math.ku.dk[130.225.103.32], delay=1, status=sent (250 2.0.0 g6N89Qx26308 Message accepted for delivery)

So if this is when it is doing something, what is the rest, and is there a
way to track it down?




___
Mvh./Yours sincerely

Lars 

========================================================================
Lars Roland Kristiansen 		         
Stu. Sci. Math/Computer science		           
Copenhagen University -			    
Institute for Mathematical Sciences	       
Url: www.math.ku.dk			   
Email: m00lrk@math.ku.dk		  
========================================================================

   "Politics is for the moment, equations are forever"
                                                    - Albert Einstein
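
An added example, not part of the original message and not Postfix code: one way to separate the smtpd sessions that queued a message from the ones that only connected and disconnected, by pairing connect/disconnect lines per smtpd PID. It assumes unwrapped syslog lines and relies on the "QUEUEID: client=" line that smtpd logs when it accepts a message; the sample log and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines quoted above; the
# "client=" line is what Postfix smtpd logs when it queues a message.
SAMPLE_LOG = """\
Jul 23 06:17:53 mail postfix/smtpd[5472]: connect from unknown[192.168.2.1]
Jul 23 06:17:56 mail postfix/smtpd[5472]: disconnect from unknown[192.168.2.1]
Jul 23 06:17:58 mail postfix/smtpd[5468]: connect from unknown[192.168.2.1]
Jul 23 06:17:59 mail postfix/smtpd[5468]: disconnect from unknown[192.168.2.1]
Jul 23 10:10:11 mail postfix/smtpd[7633]: connect from unknown[192.168.2.1]
Jul 23 10:10:12 mail postfix/smtpd[7633]: 1B8CC43C024: client=unknown[192.168.2.1]
Jul 23 10:10:12 mail postfix/smtpd[7633]: disconnect from unknown[192.168.2.1]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
PEER = re.compile(r"^(connect|disconnect) from \S*\[([^\]]+)\]")
QUEUED = re.compile(r"^([0-9A-F]+): client=")

def smtpd_sessions(text):
    """Pair connect/disconnect per smtpd PID; record queue IDs seen between."""
    open_sessions, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an smtpd line (cleanup, qmgr, smtp, ...)
        stamp, pid, msg = m.groups()
        peer = PEER.match(msg)
        queued = QUEUED.match(msg)
        if peer and peer.group(1) == "connect":
            # An smtpd process serves one client at a time, so PID is a usable key.
            open_sessions[pid] = {"pid": pid, "ip": peer.group(2),
                                  "start": stamp, "queue_ids": []}
        elif queued and pid in open_sessions:
            open_sessions[pid]["queue_ids"].append(queued.group(1))
        elif peer and pid in open_sessions:  # disconnect closes the session
            session = open_sessions.pop(pid)
            session["end"] = stamp
            done.append(session)
    return done

def empty_sessions_by_ip(sessions):
    """Count sessions per client IP that ended without queuing any mail."""
    return Counter(s["ip"] for s in sessions if not s["queue_ids"])

if __name__ == "__main__":
    sessions = smtpd_sessions(SAMPLE_LOG)
    for s in sessions:
        print(s["start"], s["end"], s["ip"], s["queue_ids"] or "no mail queued")
    print(empty_sessions_by_ip(sessions))
```

The start and end stamps of the empty sessions give the times to look at on the connecting host itself.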


