Hi Daniel,
Sep 24 14:51:20 host sendmail[13594]: OAA13594: forward /bin/false/.forward.host: Not a directory
These are most likely a result of /bin/false used as the home directory of the user. This is an error: The user home directory must exist, must be a directory, must be owned by the user and must be readable and writeable for the user it belongs to. Sendmail checks for the existence of .forward files in the recipient's home directory. If the entry in /etc/passwd isn't a directory, you get these errors. If the user does not log on (or is not supposed to be able to do so in the first place), then give him a root-owned read-only directory. This suits the first two conditions and should be enough for mail delivery.
Sep 24 16:40:52 host popper[14336]: warning: can't get client address: Connection reset by peer
This seems to ba a half-open connection that died before it was fully established. It happens with some sorts of port scans, but occurs with other error conditions as well.
any normal user connecting to the system (intern/extern) can't use a valid shell (just /bin/false). what's going on? some kind of attack? i think i am a little bit paranoid since i am reading this mailing list...:-) thanks and bye,
You're not paranoid unless you're absolutely sure they already got you! :-)
daniel
Roman.
--
- -
| Roman Drahtmüller