On a client's machine I am seeing the following in /var/log/secure:
Jul 24 09:38:57 server xinetd[712]: START: pop3 pid=9265 from=203.206.48.98
Jul 24 09:38:57 server xinetd[9265]: USERID: pop3 UNIX : StyleZdark
but in /var/log/maillog I see:
Jul 24 09:38:57 server ipop3d[9265]: pop3 service init from 203.222.73.162
Jul 24 09:38:58 server ipop3d[9265]: Login user=adam
host=203-206-48-98-dial.froggy.com.au [203.206.48.98] nmsgs=0/0
Jul 24 09:38:59 server ipop3d[9265]: Logout user=adam
host=203-206-48-98-dial.froggy.com.au [203.206.48.98] nmsgs=0 ndele=0
The POP3 usernames don't match up and neither do the host IP addresses! The
connection is made from 203.222.73.162 but 203.206.48.98 is checking the
mail?
The POP3 names are things like:
dARk_s7y13z
IcE_StyleZ
stylezIcE
`Ice|Stylez
{Ice^Stylez]
{Beer|Stylez}
StYlEzDark
dark_StYlEz
The names are quite worrying. Anyone have any idea what is happening here?
Regards,
+-----------------------+---------------------------------+
| Peter Kiem | E-Mail : <[EMAIL PROTECTED]> |
| Zordah IT | Mobile : +61 0414 724 766 |
| IT Consultancy & | WWW : www.zordah.net |
| Internet Hosting | ICQ : "Zordah" 866661 |
+-----------------------+---------------------------------+
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
