Auth/system-auth & POP3 daemon

Brian Chabot brian at datasquire.net
Tue Aug 24 15:00:01 EDT 2004


Kevin D. Clark wrote:

 > The only way to be sure about what process is initiating this ident
 > request is to explicitly track down which process is initiating the
 > request.
 >
 > So, during this 30 second window, type the following on the
 > POP3 server:
 >
 >   lsof -i tcp:110


Of course xinetd is making connections on 110.

The interesting thing I found is this:
================
# lsof -r -i tcp:113
COMMAND  PID USER   FD   TYPE  DEVICE SIZE NODE NAME
xinetd  8017 root    0u  IPv4 1639491       TCP 
myhostname:40587->outside.fqdn.net:auth (SYN_SENT)
====================

...and
=====================
# lsof -r -i tcp:113 -i tcp:110 -c 0
COMMAND   PID USER   FD   TYPE  DEVICE SIZE NODE NAME
xinetd   1231 root   13u  IPv4    1822       TCP *:pop3 (LISTEN)
xinetd  10229 root    0u  IPv4 1792765       TCP 
myhostname:40650->outside.fqdn.net:auth (SYN_SENT)
xinetd  10229 root   13u  IPv4    1822       TCP *:pop3 (LISTEN)
xinetd  10229 root   16u  IPv4 1792758       TCP 
myhostname:pop3->outside.fqdn.net:24225 (ESTABLISHED)
======================


This tells me that xinetd is, indeed trying to connect to the outside 
world immediately before a POP3 connection.

Now the only possible setting I know of that might do this is (from 
/etc/xinetd.d/ipop3):
         log_on_success          += USERID
Could this be it?  If so, how can I continue to log the userid without 
the auth request?

 > I'm betting that it is your x?inetd process.


Good guess.  Now to find out why it works on the LAN connection and not 
over the WAN port.....


Brian

-- 
---------------------------------------------------------------
|   brian at datasquire.net            http://www.hirebrian.net  |
|                Simply the Best IT/MIS Manager               |
|          Self-taught, Fast Learner, and Team Player         |
|            Ready to Start TODAY at Your Company.            |
---------------------------------------------------------------



More information about the gnhlug-discuss mailing list