Bob Kinney writes:
Perhaps I'm just being dense here, but the connections are opened when the service in started, before any authentication requests should be made. Plus as I said, the connection being made is to the ldap server serving login accounts. On top of that, I would think that the authdaemon process would have these sockets open if they were for authentication purposes.
Nothing happens when the IMAP or the POP3 server gets started. The couriertcpd process runs as root, and it continues to run as root until it gets a valid login/password.
You should try to work this out backwards. Turn up logging your LDAP server, and find out what these requests actually ask for.
pgpObmRssiJbt.pgp
Description: PGP signature
