Auth/system-auth & POP3 daemon

Steven W. Orr steveo at syslang.net
Tue Aug 24 09:26:00 EDT 2004


On Tuesday, Aug 24th 2004 at 00:43 -0400, quoth Brian Chabot:

=>Quick question that *should* have a relatively easy answer, but I can't seem
=>to find it.
=>
=>I have a client (read: they're paying me to do this... not my choice in
=>protocols) who wants POP3 service.  I got it running fine (no problem there)
=>but users are having some trouble with it.
=>
=>The box is a Mandrake Linux 9.2 machine with the default POP3 daemon running
=>under xinetd.  It has 2 ethernet interfaces:  One is on the LAN subnet
=>(10.x.x.x eth1) and the other faces the outside world (eth0). Xinetd has the
=>POP3 service bound to all interfaces.
=>
=>Users can connect fine from the LAN side, but when they try to connect to the
=>POP3 service on the WAN side, they report a 30 second delay.  I had a user
=>with some technical knowledge running a traffic sniffer on his side (while at
=>work with the help of his IT guy) and he says that the POP3 server is trying
=>to connect to port 113 (AUTH/system-auth) on the client.  Same customer can
=>connect fine from inside the LAN using the 10.x.x.x IP but did not have a
=>sniffer at home.
=>
=>I'm beginning to wonder if the identd service is somehow sending the request
=>to the client to identify itself to 10.x.x.x.....
=>
=>Any idea how I might fix this?

You want to disable the identd service. This is done in your firewall. 
First you disable your identd daemon:

chkconfig identd off
service identd stop

Then you set that port for the identd service to refuse your connection, 
not drop or allow it. I'm using FIAIF so my config for that port looks 
like this:

INPUT[5]="REJECT tcp ident 0.0.0.0/0=>0.0.0.0/0"

Then when someone hits your server with an identd request, they 
immediately get a reject which is a perfectly good answer.

-- 
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
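As an added illustration (not part of the thread above), this small Python probe distinguishes the three outcomes an ident lookup can have on a client's port 113: answered, refused (a REJECT rule or no listener, so the lookup fails at once), or filtered (a DROP rule, so the caller waits for its own timer and users see the kind of stall described in the question). The `local_listener` helper and the default port are this example's own assumptions; nothing here comes from the list or from FIAIF.

```python
"""Probe a host's ident/auth port (TCP 113) and classify the response.

Added example, not from the thread. Uses only the standard library.
Run:  python3 ident_probe.py <host> [port]
"""
import socket
import sys
import time

IDENT_PORT = 113  # the port the sniffer saw the POP3 server connecting to


def probe_ident(host, port=IDENT_PORT, timeout=5.0):
    """Return (verdict, elapsed_seconds).

    'refused'      a TCP RST came back: a REJECT rule or no listener. The
                   POP3 daemon's lookup fails immediately; no user delay.
    'filtered'     nothing came back before `timeout`: a DROP rule. The
                   daemon blocks until its own timer expires (the 30 s stall).
    'open'         something accepted the connection on that port.
    'unreachable'  the local stack refused to try (no route, etc.).
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "refused"
    except (socket.timeout, TimeoutError):
        verdict = "filtered"
    except OSError:
        verdict = "unreachable"
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def local_listener():
    """Open a throwaway listener on 127.0.0.1 (for self-testing 'open')."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else IDENT_PORT
    verdict, secs = probe_ident(target, port)
    print(f"{target}:{port} -> {verdict} after {secs:.2f}s")
```

Run it from the POP3 server against a client address that reports the delay: a "filtered" verdict taking the full timeout confirms the client side is dropping rather than rejecting, which is exactly the case the reply's REJECT rule avoids on the server side.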


