From owner-freebsd-stable@FreeBSD.ORG Sun Feb 1 12:20:31 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 408CE16A4CE for ; Sun, 1 Feb 2004 12:20:31 -0800 (PST) Received: from gabby.gsicomp.on.ca (CPE00062566c7bb-CM000039c69a66.cpe.net.cable.rogers.com [67.60.231.164]) by mx1.FreeBSD.org (Postfix) with ESMTP id A254C43D2F for ; Sun, 1 Feb 2004 12:20:29 -0800 (PST) (envelope-from matt@gsicomp.on.ca) Received: from hermes (hermes.gsicomp.on.ca [192.168.0.18]) by gabby.gsicomp.on.ca (8.12.9p2/8.12.9) with ESMTP id i11K1ujd057232; Sun, 1 Feb 2004 15:01:56 -0500 (EST) (envelope-from matt@gsicomp.on.ca) Message-ID: <001701c3e8fd$0727e1d0$1200a8c0@gsicomp.on.ca> From: "Matt Emmerton" To: =?ISO-8859-2?Q?Kov=E1cs_P=E9ter?= , References: Date: Sun, 1 Feb 2004 14:53:13 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-2" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: DNS problem X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Feb 2004 20:20:31 -0000 > Hello, > > I have two important questions concerning to FreeBSD. > > a. I have a Windows 2000 based Domain Name server. > Now this server always sends UDP connections to my FreeBSD box, but > I don't know why. The FreeBSD has two IP's, but this Windows > computer only sends these connections to one of the IP addresses. He > leaves alone the other one… How could this be? > Connection attempt to UDP FreeBSD_Box:1140 from Windows2000:53 > Connection attempt to UDP FreeBSD_Box:1142 from Windows2000:53 > Connection attempt to UDP FreeBSD_Box:1144 from Windows2000:53 > Connection attempt to UDP FreeBSD_Box:1689 from Windows2000:53 Port 53 is DNS. Which server in your organization is acting as a DNS server? If Windows is your DNS server, then it could be that your FreeBSD machine is trying to send UDP queries to your Windows box (to look up domain names). If you only have one network card in your FreeBSD box, then FreeBSD will always send outgoing packets with the primary IP of the network card (not using any of the aliased IPs.) This could be why you only see this kind of traffic with one IP address. > b. I usually get these refused connections, although I don't have a > username called 'webmaster'? How could this be? Why people try to > use the 'webmaster' user? > mail saslauthd[237]: AUTHFAIL: user=webmaster service=smtp realm= > [PAM auth error] > mail saslauthd[235]: AUTHFAIL: user=webmaster service=smtp realm= > [Null login/password (saslauthd)] It looks like someone is trying to relay spam through your organizations's mail servers, and is attempting to authenticate using the "webmaster" username. -- Matt Emmerton