Is there any component of qmail/ucspi-tcp that would initiate identd
lookups on a remote host? A network admin has complained that his
server has been receiving a large amount of identd queries to his
server coming from our mailserver.
Here's the excerpt from the logfile he sent us. 210.16.71.2 is our mailserver.
Apr 6 07:40:11 lillie /kernel: ipfw: 500 Deny TCP 210.110.247.244:53
161.184.159.82:111 in via ed0
Apr 6 08:06:37 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:4963
161.184.159.82:113 in via ed0
Apr 6 08:06:58 lillie last message repeated 3 times
Apr 6 08:36:04 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:3168
161.184.159.82:113 in via ed0
Apr 6 08:36:22 lillie last message repeated 2 times
Apr 6 09:06:12 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:1153
161.184.159.82:113 in via ed0
Apr 6 09:06:33 lillie last message repeated 3 times
Apr 6 10:05:51 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:3246
161.184.159.82:113 in via ed0
Apr 6 10:06:12 lillie last message repeated 2 times
Apr 6 10:39:18 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:4250
161.184.159.82:113 in via ed0
Apr 6 10:39:36 lillie last message repeated 2 times
Apr 6 11:06:09 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:4038
161.184.159.82:113 in via ed0
Apr 6 11:06:18 lillie last message repeated 2 times
Apr 6 12:07:37 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:1681
161.184.159.82:113 in via ed0
Apr 6 12:07:46 lillie last message repeated 2 times
Apr 6 12:35:40 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:1410
161.184.159.82:113 in via ed0
Apr 6 12:36:01 lillie last message repeated 3 times
Apr 6 13:05:38 lillie /kernel: ipfw: 500 Deny TCP 210.16.71.2:1899
161.184.159.82:113 in via ed0
TIA,
Brian
--
[EMAIL PROTECTED]
http://www.baquiran.com
AIM: bbaquiran
