Date: Thu, 2 Dec 2004 13:20:49 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: Christian Hiris <4711@chello.at> Cc: Jonathon McKitrick <jcm@freebsd-uk.eu.org> Subject: Re: Why these connections from 127.0.0.1? Message-ID: <20041202131730.F66254@cactus.fi.uba.ar> In-Reply-To: <200412021656.01136.4711@chello.at> References: <20041202123606.GA50028@dogma.freebsd-uk.eu.org> <20041202140601.GA53089@dogma.freebsd-uk.eu.org> <200412021656.01136.4711@chello.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2 Dec 2004, Christian Hiris wrote: > > > > Should I disable log-in-vain or somehow allow these through? > > The log-in-vain sysctl only controls logging behavior, it has no influence on > how the packets are handled. Exactly. > > > AFAIK know SMTP servers try to gain some information (like username and > systemname) from a clientsystem via identd. So if you decide to enable > identd, better check your mail-headers afterwards. > > I never run comsat/biff, so I can't tell you much about. 'man 8 comsat' and > 'man 1 biff' is your friend. In the original case, it seems he is not runing those services. When sendmail (or whatever mta he's using) tries to make an ident lookup, it fails and log in vain logs the connection attempt to the closed port (it only logs attempts to connect to closed ports). Same for biff, something tries to query biff, the connection is refused because it isn't listening, log in vain logs it. That simple, I wouldn't worry about it Fer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041202131730.F66254>