Eduardo Soriano wrote:
> Since a couple of days /var/log/secure of our firewall is reporting some starnge
> messages like:
>
> Aug 25 03:07:34 www imapd[9092]: error: cannot execute /usr/sbin/imapd: No such file
>or directory
> Aug 25 03:07:39 www imapd[9093]: connect from dhcp9538066.columbus.rr.com
> Aug 25 03:07:39 www imapd[9093]: error: cannot execute /usr/sbin/imapd: No such file
>or directory
> Aug 28 02:55:13 www imapd[11737]: connect from 195.63.135.67.rev.rmc.de
> Aug 28 02:55:13 www imapd[11737]: error: cannot execute /usr/sbin/imapd: No such
>file or directory
> Aug 28 02:55:13 www ipop3d[11738]: connect from 195.63.135.67.rev.rmc.de
> Aug 28 02:55:13 www ipop3d[11738]: error: cannot execute /usr/sbin/ipop3d: No such
>file or directory
> Aug 28 02:55:13 www imapd[11740]: connect from 195.63.135.67.rev.rmc.de
> Aug 28 02:55:14 www imapd[11743]: warning: can't get client address: Connection
>reset by peer
> Aug 28 02:55:14 www imapd[11743]: connect from unknown
> Aug 28 02:55:14 www imapd[11743]: error: cannot execute /usr/sbin/imapd: No such
>file or directory
> Aug 28 02:55:14 www imapd[11744]: warning: can't get client address: Connection
>reset by peer
> Aug 28 02:55:14 www imapd[11744]: connect from unknown
>
> Is someone having an idea about what are they trying to do on the other side
It would appear that 195.63.135.67 is trying to retrieve mail from
your server, but you don't have pop3d or imapd installed.
You should probably remove the pop3 and imap entries from
/etc/inetd.conf (unless you want to provide POP3 and/or IMAP service,
in which case you should install the necessary daemons).
--
Glynn Clements <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
