Hello, I just happened to be looking at the logs when I saw something odd...
Virtually every log entry showing an IMAP connection is followed immediately by a LOGIN username entry, like so: May 2 14:26:23 myhost imapd-ssl: Connection, ip=[::ffff:166.137.15.208] May 2 14:26:24 myhost imapd-ssl: LOGIN, [email protected], ip=[::ffff:166.137.15.208], port=[31770], protocol=IMAP But I happened to notice these two lines when looking at the logs for something else: May 2 14:26:44 myhost imapd-ssl: Connection, ip=[::ffff:166.137.9.4] May 2 14:26:45 myhost imapd-ssl: LOGOUT, ip=[::ffff:166.137.9.4], rcvd=60, sent=356 Every other LOGOUT entry is formatted like: May 2 14:30:32 myhost imapd-ssl: LOGOUT, [email protected], ip=[::ffff:67.223.90.245], headers=934, body=0, rcvd=561, sent=5312, time=1, starttls=1 So, what are these? I grepped the logs and there are a bunch of entries just like I showed for that IP address (real, not obfuscated, apparently a mycingular wireless address)... Is this some kind of 'keep-alive' from someone's phone? If so, why doesn't the LOGOUT entry show their username? Any feedback is appreciated... -- Best regards, Charles ------------------------------------------------------------------------------ _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
