Re: logwatch and imap
Joe Mc Cool wrote:
>Please,
>
>logwatch is reporting:
>
>
>
>> --------------------- IMAP Begin ------------------------
>>
>>
>>[IMAPd] Connections:
>>=========================
>> Host | Connections | SSL | Total
>>-------------------------------------- | ----------- | -------- | ---------
>> 62.194.153.108 | 1 | 0 | 1
>> 69.43.178.11 | 1 | 0 | 1
>>---------------------------------------------------------------------------
>> 2 | 0 | 2
>>
>>
>>
>>**Unmatched Entries**
>> Command stream end of file, while reading line user=??? host=[69.43.178.11]: 1 Time(s)
>> Null command before authentication host=h153108.upc-h.chello.nl [62.194.153.108]: 2 Time(s)
>>
>> ---------------------- IMAP End -------------------------
>>
>>
>
>But, AFAIK, I am not using imap. Certainly ps -ef | grep imap
>displays nothing. The reported ip addresses mean nothing to me.
>
>Is my system being exploited in some way ?
>
>Thanks
>
>Joe
>
>
>
>
Joe
ps -ef only shows part of the services; others are run via inetd or xinetd.
Please check your /etc/inetd.conf or /etc/xinetd.conf and remove:
...
service imaps
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/imapd
}
service pop-3
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/in.qpopper
    server_args = -f /etc/qpopper.conf
}
...
bye
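
The check suggested in the reply above, as an added example that is not part of the original message: two small shell functions that list the services inetd or xinetd would still start on demand, which is why they never show up in ps until a client connects. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# xinetd format: print "name server user" for every service block that
# does not carry "disable = yes". Reads the given files, or stdin.
list_xinetd_services() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "service" { name = $2; server = "-"; user = "-"
                          disabled = 0; in_block = 0; next }
        name != "" && $1 == "{" { in_block = 1; next }
        in_block && $2 == "=" {
            if ($1 == "server") server = $3
            if ($1 == "user")   user = $3
            if ($1 == "disable" && $3 == "yes") disabled = 1
            next
        }
        in_block && $1 == "}" {
            if (!disabled) print name, server, user
            name = ""; in_block = 0
        }
    ' "$@"
}

# inetd.conf format: service socket proto wait user server args...
# Commented-out lines are services that are already switched off.
list_inetd_services() {
    awk '{ sub(/#.*/, "") } NF >= 6 { print $1, $6, $5 }' "$@"
}

# Constructed sample modelled on the blocks quoted in the reply;
# pop-3 is shown already disabled so the difference is visible.
sample_xinetd() {
    cat <<'EOF'
service imaps
{
    user   = root
    server = /usr/sbin/imapd
}
service pop-3
{
    disable = yes
    user    = root
    server  = /usr/sbin/in.qpopper
}
EOF
}

sample_xinetd | list_xinetd_services    # only imaps is still active
```

On a real host, pass the actual files instead of the sample, for example `list_xinetd_services /etc/xinetd.conf` and `list_inetd_services /etc/inetd.conf`, and restart the super-server after disabling anything.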