From owner-freebsd-questions@FreeBSD.ORG  Thu Dec  2 16:19:09 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CAF0F16A4D1
	for <freebsd-questions@freebsd.org>;
	Thu,  2 Dec 2004 16:19:09 +0000 (GMT)
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8D25143D2D
	for <freebsd-questions@freebsd.org>;
	Thu,  2 Dec 2004 16:19:07 +0000 (GMT)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Received: from localhost (localhost [127.0.0.1])
	by cactus.fi.uba.ar (8.12.11/8.12.11) with ESMTP id iB2GKnbB099376;
	Thu, 2 Dec 2004 13:20:54 -0300 (ART)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Date: Thu, 2 Dec 2004 13:20:49 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: Christian Hiris <4711@chello.at>
In-Reply-To: <200412021656.01136.4711@chello.at>
Message-ID: <20041202131730.F66254@cactus.fi.uba.ar>
References: <20041202123606.GA50028@dogma.freebsd-uk.eu.org>
	<20041202140601.GA53089@dogma.freebsd-uk.eu.org>
	<200412021656.01136.4711@chello.at>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Score: -104.901 () BAYES_00,USER_IN_WHITELIST
X-Scanned-By: MIMEDefang 2.42
cc: freebsd-questions@freebsd.org
cc: Jonathon McKitrick <jcm@freebsd-uk.eu.org>
Subject: Re: Why these connections from 127.0.0.1?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2004 16:19:09 -0000

On Thu, 2 Dec 2004, Christian Hiris wrote:

> >
> > Should I disable log-in-vain or somehow allow these through?
>
> The log-in-vain sysctl only controls logging behavior, it has no influence on
> how the packets are handled.

Exactly.

>
>
> AFAIK know SMTP servers try to gain some information (like username and
> systemname) from a clientsystem via identd. So if you decide to enable
> identd, better check your mail-headers afterwards.
>
> I never run comsat/biff, so I can't tell you much about. 'man 8 comsat' and
> 'man 1 biff' is your friend.

In the original case, it seems he is not runing those services. When sendmail
(or whatever mta he's using) tries to make an ident lookup, it fails and
log in vain logs the connection attempt to the closed port (it only logs
attempts to connect to closed ports). Same for biff, something tries
to query biff, the connection is refused because it isn't listening,
log in vain logs it. That simple, I wouldn't worry about it



			Fer