Hi folks,

Today I got some strange messages in the log files. It's a quite usual woody box (Apache, some (about 15) POP accounts, no SMTP relaying, no FTP accounts, nothing exciting) with Postfix installed from the .deb package.

###################### snip #####################
Apr 4 07:11:15 [myhostname] postfix/smtpd[11734]: lost connection after CONNECT from localhost[]
Apr 4 07:11:15 [myhostname] postfix/smtpd[11734]: lost connection after CONNECT from localhost[]
Apr 4 07:11:15 [myhostname] sshd[11733]: Did not receive identification string from
Apr 4 07:11:15 [myhostname] postfix/smtpd[11734]: lost connection after CONNECT from localhost[]
Apr 4 07:11:21 [myhostname] postfix/smtpd[11734]: lost connection after CONNECT from c138095.adsl.hansenet.de[]
Apr 4 07:11:21 [myhostname] postfix/smtpd[11734]: lost connection after CONNECT from c138095.adsl.hansenet.de[]
Apr 4 07:11:21 [myhostname] sshd[11735]: Did not receive identification string from
Apr 4 07:11:21 [myhostname] postfix/smtpd[11734]: lost connection after CONNECT from c138095.adsl.hansenet.de[]
###################### snip #####################

(The "[myhostname]" entries are replacements made by me here for privacy reasons. The real hostname was originally there.)

Who the hell could connect from localhost and lose the connection but a local user?
But there is no (shouldn't be any) local user.

Is it possible to fake smtpd about the client's IP? I think the guy from is the same as the one in the first few lines, and he/she isn't really from localhost (I hope so), but fakes smtpd to think so. Am I right?

Or do I have to worry about some rootkit or anything similar?

Thanks in advance!

