From: "Jeremy C. Reed" <[EMAIL PROTECTED]>
> > qpopper 2.53-5 on xinetd.conf
>
> > $ telnet 194.224.7.3 110
> > Trying 194.224.7.3...
> > Connected to 194.224.7.3.
> > Escape character is '^]'.
> > Connection closed by foreign host.
> > $
> >
> > Though I am using the '-d' (debug) option of qpopper, it does not show
> > anything in the syslog or mail.log files due to the above try of
connection.
> > Is it posible that the qpopper daemon does not log the refused
connections?.
>
> Maybe qpopper is not even being ran.
>
> Configure your xinetd to give more logging; maybe like:
> log_type = SYSLOG local4 info
> log_on_success = PID HOST EXIT DURATION
> log_on_failure = HOST ATTEMPT
I have modified the xinetd.conf file:
<BEFORE>
service pop-3
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.qpopper
server_args = -d
}
<NOW>
service pop-3
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/in.qpopper
server_args = -d -t /var/log/pop3--trace-file.log -s
log_on_success = HOST USERID EXIT PID DURATION
log_on_failure = HOST ATTEMPT RECORD
log_type = SYSLOG local4 info
}
<NOW> syslog
Feb 15 09:44:18 excalibur xinetd[316]: FAIL: pop-3 address
from=80.25.136.215
Feb 15 09:44:37 excalibur last message repeated 49 times
<NOW> netstat --inet -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 1 194.224.7.3:110 80.25.136.215:42399 FIN_WAIT1
tcp 0 0 194.224.7.3:110 80.25.136.215:42398 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42397 TIME_WAIT
...
tcp 0 0 194.224.7.3:110 80.25.136.215:42337 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42336 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42335 TIME_WAIT
tcp 0 0 194.224.7.3:110 194.224.7.97:2049 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42334 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42333 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42332 TIME_WAIT
...
tcp 0 0 194.224.7.3:110 80.25.136.215:42033 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42032 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42031 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42030 TIME_WAIT
tcp 0 0 194.224.7.3:110 194.224.7.109:2057 TIME_WAIT
tcp 0 0 194.224.7.3:110 80.25.136.215:42400 SYN_RECV
<NOW> /var/log/pop3--trace-file.log
Fri Feb 15 10:10:46 2002 [656] (v2.53) Servicing request from
"developer.ene.es" at 194.224.7.96
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] +OK QPOP (version 2.53) at excalibur.ene.es
starting. <[EMAIL PROTECTED]>
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Received: "USER jc"
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] +OK Password required for jc.
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Received: "pass xxxxxxxxx"
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Creating temporary maildrop
'/var/spool/pop/jc.pop'
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] uid = 1123, gid = 8
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Checking for old .jc.pop file
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Old .jc.pop file not found, errno (2)
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Unable to create .popbull file (20)
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] +OK jc has 0 messages (0 octets).
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Received: "STAT"
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] 0 message(s) (0 octets).
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] +OK 0 0
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Received: "QUIT"
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Performing maildrop update...
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Checking to see if all messages were deleted
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] Stats: jc 0 0 0 0
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] +OK Pop server at excalibur.ene.es signing
off.
Fri Feb 15 10:10:46 2002
Fri Feb 15 10:10:46 2002 [656] (v2.53) Ending request from "jc" at
(developer.ene.es) 194.224.7.96
Fri Feb 15 10:10:46 2002
> > I have checked the firewall between us and InterNet but it appears
> > accurate:
>
> What does netstat on your 194.224.7.3 system show?
> netstat --inet -n -c
>
> Maybe watch top(1) to see if qpopper is even started.
The 'top' and 'ps -el' commands show, some times, the 'in.qpopper' process
executing. I think it is due to the no-FAILed client connections. I have
used an infinite loop with 'telnet 194.224.7.3 110' from 80.25.136.215 and:
1.- the syslog shows the FAIL
2.- the /var/log/pop3--trace-file.log shows nothing
3.- the "netstat --inet -n" command shows the above output
Note: The client address 80.25.136.215 has not a DNS entry, neither direct
nor reverse. (nslookup, dig). The /etc/hosts.allow has _only_ the "ALL: ALL"
line.
Regards,
Davi Leal
