Kevin D. Clark wrote:
> The only way to be sure about what process is initiating this ident > request is to explicitly track down which process is initiating the > request. > > So, during this 30 second window, type the following on the > POP3 server: > > lsof -i tcp:110
Of course xinetd is making connections on 110.
The interesting thing I found is this:
================
# lsof -r -i tcp:113
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
xinetd 8017 root 0u IPv4 1639491 TCP myhostname:40587->outside.fqdn.net:auth (SYN_SENT)
====================
...and
=====================
# lsof -r -i tcp:113 -i tcp:110 -c 0
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
xinetd 1231 root 13u IPv4 1822 TCP *:pop3 (LISTEN)
xinetd 10229 root 0u IPv4 1792765 TCP myhostname:40650->outside.fqdn.net:auth (SYN_SENT)
xinetd 10229 root 13u IPv4 1822 TCP *:pop3 (LISTEN)
xinetd 10229 root 16u IPv4 1792758 TCP myhostname:pop3->outside.fqdn.net:24225 (ESTABLISHED)
======================
This tells me that xinetd is, indeed trying to connect to the outside world immediately before a POP3 connection.
Now the only possible setting I know of that might do this is (from /etc/xinetd.d/ipop3):
log_on_success += USERID
Could this be it? If so, how can I continue to log the userid without the auth request?
> I'm betting that it is your x?inetd process.
Good guess. Now to find out why it works on the LAN connection and not over the WAN port.....
Brian
-- --------------------------------------------------------------- | [EMAIL PROTECTED] http://www.hirebrian.net | | Simply the Best IT/MIS Manager | | Self-taught, Fast Learner, and Team Player | | Ready to Start TODAY at Your Company. | --------------------------------------------------------------- _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss