On 2017-07-21 at 19:36, Werner Flamme wrote:
Hi,
this morning, my company's postmaster sent me an excerpt from the mail log stating that there is some software on one of my boxes that doesn't speak proper IMAP.
19-Jul-2017 22:38:33.49 tcp_local BS 0 rfc822; a1 LOGOUT 500 5.5.1 Unknown command "a1 LOGOUT" specified TCP|a.b.c.d|465|a.b.e.f|48270
Hi,

I would try (given that there is no evil going on that corrupted your iptables) with iptables and tracking the log, and then trigger a script to run lsof when this happens. Something like this if the port is 465:

    # Log every new outgoing TCP connection to port 465
    iptables -I OUTPUT 1 -m state --state NEW -p tcp --dport 465 -j LOG --log-prefix "New-OUTPUT-465-Connection: "
    # Follow the journal and run the script on each matching log line
    journalctl -f | awk '/New-OUTPUT-465-Connection/ {system("/usr/local/bin/script.sh")}'

Create script.sh and edit it to your liking. Beware that there can be race conditions between the logs and running the script.

regards,
-- 
/bengan
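Added example, not part of the original message: one possible script.sh that records which local process owns connections to the remote port, using ss instead of lsof. The log path, the sample process name "mailcheck" and the port argument are assumptions; the script does nothing unless given the port, so the awk hook would call it as "script.sh 465".

```shell
#!/bin/sh
# Added example for /usr/local/bin/script.sh: record which local process
# owns TCP connections to a given remote port (465 in the thread).
LOG=${LOG:-/var/log/port-owner.log}   # hypothetical log path

# Read `ss -tanp` output on stdin; print "state pid name local peer" for
# every socket whose peer port is $1. Sockets without process info
# (TIME-WAIT, or ss run without root) are reported with "-".
owners_of_port() {
    awk -v port="$1" '
        $5 ~ (":" port "$") {
            pid = "-"; name = "-"
            if (match($0, /pid=[0-9]+/))
                pid = substr($0, RSTART + 4, RLENGTH - 4)
            if (match($0, /\(\("[^"]*"/))
                name = substr($0, RSTART + 3, RLENGTH - 4)
            print $1, pid, name, $4, $5
        }'
}

# Constructed sample of `ss -tanp` output (documentation addresses,
# hypothetical process names), used only to exercise the filter offline.
sample_ss() {
    cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.0.2.10:48270    198.51.100.5:465   users:(("mailcheck",pid=2134,fd=5))
ESTAB     0      0      192.0.2.10:40112    198.51.100.9:1465  users:(("curl",pid=990,fd=3))
TIME-WAIT 0      0      192.0.2.10:48268    198.51.100.5:465
EOF
}

# Sample several times: a short-lived connection can be gone before one
# late snapshot runs (the race the message warns about).
main() {
    i=0
    while [ "$i" -lt 5 ]; do
        ss -tanp | owners_of_port "$1" | while read -r line; do
            echo "$(date '+%F %T') $line"
        done >> "$LOG"
        i=$((i + 1)); sleep 0.2
    done
}

if [ $# -ge 1 ]; then main "$1"; fi
```

Run it as root so that ss can show the owning process of sockets belonging to other users.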