As Rick said, it's a sendmail thing. I agree that it's ok to ignore, but to
prevent to unnecessary clutter in your firewall logs, I would recommend that
you disable logging for port 113 ONLY. Also, it is best if you can set up
you firewall to send a REJECT rather than a DENY packet or silently dropping
the packet. REJECT sends a TCP RST packet which alert the mailserver that
it should stop the connect attempt.
> Dean A. Luethje, SysAdmin
> Bell Paper Box, Inc.
>
> "The opinions expressed are mine alone and do not constitute
> company policy
> or opinion."
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Rick Murphy
Sent: Tuesday, March 21, 2000 7:51 AM
To: Dirk.Nerling; Firewall (M-list)
Subject: Re: why do I have such a lot of port 113 connects???
At 02:03 PM 3/21/00 +0100, Dirk.Nerling wrote:
>I do have a lot of the following entries in my log file:
>
>Mar 21 13:50:23 wall /kernel: ipfw: 2910 Deny TCP 134.130.107.20:4060
>194.139.111.2:113 in via de1
Probably triggered by your sending mail to 134.130.107.20. Many versions of
sendmail connect back to the auth port on a sending system. If you're
concerned, check the correspondence between mail delivery and auth
attempts; since your firewall is denying them, there's no harm in any case
so I'd just ignore it.
-Rick
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
