Auth/system-auth & POP3 daemon
Kevin D. Clark
clark_k at pannaway.com
Tue Aug 24 15:40:01 EDT 2004
"Brian Chabot" <brian at datasquire.net> writes:
> Of course xinetd is making connections on 110.
Sorry. Of course I meant 113.
> The interesting thing I found is this:
> ================
> # lsof -r -i tcp:113
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> xinetd 8017 root 0u IPv4 1639491 TCP
> myhostname:40587->outside.fqdn.net:auth (SYN_SENT)
> ====================
[snip]
> Now the only possible setting I know of that might do this is (from
> /etc/xinetd.d/ipop3):
> log_on_success += USERID
> Could this be it? If so, how can I continue to log the userid without
> the auth request?
Are your PAM settings doing this? What does /etc/pam.d/pop and
/etc/pam.d/system-auth look like?
> > I'm betting that it is your x?inetd process.
>
>
> Good guess. Now to find out why it works on the LAN connection and
> not over the WAN port.....
Do you have a (possibly stateless) firewall on the WAN side that filters out TCP
SYNs from "non-standard" ports like TCP port 113?
Does your iptables setup on the POP3 server drop the incoming SYN/ACK
segments that result from the initial TCP SYN? What happens when you
temporaryly disable these?
Regards,
--kevin
--
"They can bill me!" - Ripley
More information about the gnhlug-discuss
mailing list