Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] funny popper-entry
  • From: Roman Drahtmueller <draht@xxxxxxxxxxxxxxx>
  • Date: Fri, 3 Mar 2000 02:44:53 +0100 (MET)
  • Message-id: <Pine.LNX.4.21.0003022149420.1301-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

> Subject: [suse-security] funny popper-entry

This ps output below isn't really related to pop. This is sendmail.

> ps x | grep sendmail:
> 4837 ? S 0:00 sendmail: accepting connections on port 25
> 5719 ? S 0:00 sendmail: QAA05358 blackmail \
> user open

This shows your sendmail is busy with some SMTP/ESMTP negotiation with "user open" here means that sendmail attempts to
open a tcp connection to blackmail. Assumingly, this box is behind a
firewall that drops all packets, so your sendmail waits until the first
timeout occurs. I'd assume that this mail will return within 5 days.

You could use `ps fauxw' to make a clearer output.

> along with a "connect from unknown" and a "fromless" mail
> in the maillog.

Are you sure you didn't confuse syslogs and mailqueue?
Every syslog line usually contains the name of the program which wrote the
line (with the exception of tcpd/libwrap...).

> That a problem ?

Your hints for the puzzle are inconclusive. You'd need to send in more
information, such as detailed lines from the syslog. You could disguise
the names of hosts and users if this suits your need for privacy.

> thanks
> dan

_ _
| Roman Drahtmüller "Freedom means that you can choose |
CC University of Freiburg what you want to learn at a given
| email: draht@xxxxxxxxxxxxxxx time." A. Becker, 1999 |
- -
People often find it easier to be a result of the past than a cause of
the future.

< Previous Next >