[lug] Sendmail thoughts.....

Sean Reifschneider jafo at tummy.com
Thu Dec 14 15:33:35 MST 2000

On Thu, Dec 14, 2000 at 02:59:13PM -0700, D. Stimits wrote:
>Good point. But that would also raise an eyebrow if a machine is for
>some reason being asked to connect to the port on an unknown machine. If
>someone had managed to put spam relay onto the box, would this be a
>possible symptom?

If someone put a UCE relay on your machine, you'd be seeing many of those
sorts of messages per second.  What do your mail logs say?  It's your
mail server that's making the connection it would seem.

If you're really desperate, it's pretty easy to write a fake ident
daemon which would run an "fuser -n tcp <port>" on the port that the
ident connection is requesting information for.

 "The Galleria Ferrari is a temple to the red road gods."
                 -- Mayor of Maranello, speaking of the Ferrari Museum
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
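
A sketch of the logging ident responder suggested above, as an added example that is not part of the original post. It assumes the RFC 1413 query format ("<local port> , <remote port>"); the function names and the HIDDEN-USER reply are choices made for this example.

```python
import re
import socketserver
import subprocess
import sys

# RFC 1413 query: "<port on this host> , <port on the querying host>"
REQUEST = re.compile(rb"^(\d{1,5})\s*,\s*(\d{1,5})$")

def parse_request(line):
    """Return (local_port, remote_port), or None for a malformed query."""
    m = REQUEST.match(line.strip())
    if not m:
        return None
    local, remote = int(m.group(1)), int(m.group(2))
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return None
    return local, remote

def fuser_lookup(port):
    """Run `fuser -n tcp <port>`; the port is a validated int passed as argv, no shell."""
    try:
        out = subprocess.run(["fuser", "-n", "tcp", str(port)],
                             capture_output=True, text=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "lookup failed: %s" % exc
    return (out.stdout + out.stderr).strip() or "no process found"

def answer(line, lookup=fuser_lookup, log=sys.stderr):
    """Log which local process owns the queried port and build the ident reply."""
    ports = parse_request(line)
    if ports is None:
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    local, remote = ports
    print("ident query local=%d remote=%d -> %s" % (local, remote, lookup(local)), file=log)
    # Assumption for this example: never disclose a user name to the remote side.
    return b"%d , %d : ERROR : HIDDEN-USER\r\n" % (local, remote)

class IdentHandler(socketserver.StreamRequestHandler):
    timeout = 10  # drop clients that connect and never send a query

    def handle(self):
        try:
            self.wfile.write(answer(self.rfile.readline(1024)))
        except OSError:
            pass

if __name__ == "__main__":
    # Port 113 and fuser on other users' sockets both need root.
    with socketserver.TCPServer(("0.0.0.0", 113), IdentHandler) as srv:
        srv.serve_forever()
```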

