From owner-freebsd-security Sat Dec 15 1:54:29 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.axelero.hu (cmail.axelero.hu [195.228.240.83]) by hub.freebsd.org (Postfix) with SMTP id 1476E37B41B for ; Sat, 15 Dec 2001 01:54:26 -0800 (PST) Received: (qmail 29836 invoked from network); 15 Dec 2001 10:54:24 +0100 Received: from adsl202.231.axelero.hu (HELO Picasso.Zahemszky.HU) (root@195.228.231.202) by mail.axelero.hu with SMTP; 15 Dec 2001 10:54:24 +0100 Received: (from zgabor@localhost) by Picasso.Zahemszky.HU (8.11.6/8.11.6) id fBF9ua000505 for freebsd-security@freebsd.org; Sat, 15 Dec 2001 10:56:36 +0100 (CET) (envelope-from zgabor) Date: Sat, 15 Dec 2001 10:56:36 +0100 From: =?iso-8859-1?Q?Zahemszky_G=E1bor?= To: freebsd-security@freebsd.org Subject: Re: okay now I am worried Message-ID: <20011215105636.B338@Picasso.Zahemszky.HU> References: <000001c184f6$133d72e0$fa01a8c0@rjstech.com> <20011214175310.D3473@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011214175310.D3473@blossom.cjclark.org>; from cjc@FreeBSD.ORG on Fri, Dec 14, 2001 at 05:53:10PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi! > > (date) /kernel: Connection attempt to UDP 127.0.0.1:512 from 127.0.0.1:XXXX > > biff(1). Compare the date to times of mail delivery in > /var/log/maillog. By the way, the port is biff, but the connection is from sendmail. And the message is from log_in_vain, so biff(1) isn't running. > > reading up on the ports udp 512 is biff, but I am not running any mail > > server. The only mail I get is generated by daily reports in cron. > > Which delivers mail locally and will do the old biff(1) thang. So there are two possibilities: 1) (from sendmail manual): uncomment the biff port in /etc/services (if you didn't install any other MTA) 2) edit /etc/mail/sendmail.cf, and change in the Mlocal part: === Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPSXfmnz9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/SMTP, A=mail.local -l -B --------------------------------^ === in the original version, there isn't the ``-B'' option. man mail.local: -B Turn off the attempts to notify the service. By: ZGabor < Gabor at Zahemszky dot HU > -- #!/bin/ksh Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message