Dan,
Subject: [suse-security] funny popper-entry
This ps output below isn't really related to pop. This is sendmail.
ps x | grep sendmail: 4837 ? S 0:00 sendmail: accepting connections on port 25 5719 ? S 0:00 sendmail: QAA05358 blackmail \ .fth.sbs.de.: user open
This shows your sendmail is busy with some SMTP/ESMTP negotiation with blackmail.fth.sbs.de. "user open" here means that sendmail attempts to open a tcp connection to blackmail. Assumingly, this box is behind a firewall that drops all packets, so your sendmail waits until the first timeout occurs. I'd assume that this mail will return within 5 days. You could use `ps fauxw' to make a clearer output.
along with a "connect from unknown" and a "fromless" mail in the maillog.
Are you sure you didn't confuse syslogs and mailqueue? Every syslog line usually contains the name of the program which wrote the line (with the exception of tcpd/libwrap...).
That a problem ?
Your hints for the puzzle are inconclusive. You'd need to send in more information, such as detailed lines from the syslog. You could disguise the names of hosts and users if this suits your need for privacy.
thanks dan
Roman. -- _ _ | Roman Drahtmüller "Freedom means that you can choose | CC University of Freiburg what you want to learn at a given | email: draht@uni-freiburg.de time." A. Becker, 1999 | - - People often find it easier to be a result of the past than a cause of the future.