Auth/system-auth & POP3 daemon
Brian Chabot
brian at datasquire.net
Tue Aug 24 15:00:01 EDT 2004
Kevin D. Clark wrote:
> The only way to be sure about what process is initiating this ident
> request is to explicitly track down which process is initiating the
> request.
>
> So, during this 30 second window, type the following on the
> POP3 server:
>
> lsof -i tcp:110
Of course xinetd is making connections on 110.
The interesting thing I found is this:
================
# lsof -r -i tcp:113
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
xinetd 8017 root 0u IPv4 1639491 TCP
myhostname:40587->outside.fqdn.net:auth (SYN_SENT)
====================
...and
=====================
# lsof -r -i tcp:113 -i tcp:110 -c 0
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
xinetd 1231 root 13u IPv4 1822 TCP *:pop3 (LISTEN)
xinetd 10229 root 0u IPv4 1792765 TCP
myhostname:40650->outside.fqdn.net:auth (SYN_SENT)
xinetd 10229 root 13u IPv4 1822 TCP *:pop3 (LISTEN)
xinetd 10229 root 16u IPv4 1792758 TCP
myhostname:pop3->outside.fqdn.net:24225 (ESTABLISHED)
======================
This tells me that xinetd is, indeed trying to connect to the outside
world immediately before a POP3 connection.
Now the only possible setting I know of that might do this is (from
/etc/xinetd.d/ipop3):
log_on_success += USERID
Could this be it? If so, how can I continue to log the userid without
the auth request?
> I'm betting that it is your x?inetd process.
Good guess. Now to find out why it works on the LAN connection and not
over the WAN port.....
Brian
--
---------------------------------------------------------------
| brian at datasquire.net http://www.hirebrian.net |
| Simply the Best IT/MIS Manager |
| Self-taught, Fast Learner, and Team Player |
| Ready to Start TODAY at Your Company. |
---------------------------------------------------------------
More information about the gnhlug-discuss
mailing list