too many smtp in /var/log/secure
hi all
I've been getting a lot of smtp logs in my /var/log/secure. Anyone know what these entries mean?

Mar 4 09:50:26 < my ip > xinetd[19534]: START: smtp pid=12411 from=72.14.220. 158
Mar 4 09:49:36 < my ip > xinetd[19534]: START: smtp pid=12396 from=83.110.15. 135
Mar 4 09:49:24 < my ip > xinetd[19534]: START: smtp pid=12394 from=67.193.82.

I get about 100 entries every day.. seems suspicious..
Quote:
- What is Xinetd?
- What services does it provide?
- Where are those services configured?
- What per-service logging options are available to you? What can they be configured to log?

Some questions a responsible admin could ask himself whenever auditing service logs:
- Are the IP addresses in the last field of the logs allowed to access the service?
- What per-service access restrictions are available to you?
- Why are you not using TLS or an SSL wrapper like Stunnel?
thanks for the reply,
answers to your questions:
1) Xinetd manages internet connection activity
2) provides a whole bunch of services that can be found on their site http://xinetd.org/#features
3) configuration resides in /etc/xinetd.d
- not sure about service access restriction, how can I find out?

My question is whether it's normal to have this many requests in my log. Our server does not have a script to generate smtp messages, nor are my clients sending massive emails every min.

thanks
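Added example, not part of any post in this thread: one way to answer the audit question above ("are the IP addresses in the last field allowed to access the service?") is to tally xinetd START entries per source and compare them with the networks expected to use the service. The host name, addresses, allowed network and function names below are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the /var/log/secure format quoted in the thread
# (documentation-range addresses, hypothetical host name "mailhost").
SAMPLE_LOG = """\
Mar  4 09:49:24 mailhost xinetd[19534]: START: smtp pid=12394 from=203.0.113.7
Mar  4 09:49:36 mailhost xinetd[19534]: START: smtp pid=12396 from=198.51.100.20
Mar  4 09:50:26 mailhost xinetd[19534]: START: smtp pid=12411 from=::ffff:203.0.113.7
Mar  4 09:51:02 mailhost xinetd[19534]: START: smtp pid=12420 from=192.0.2.10
Mar  4 09:51:40 mailhost xinetd[19534]: EXIT: smtp status=0 pid=12420 duration=38(sec)
Mar  4 09:52:11 mailhost sshd[2201]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Mar  4 09:53:05 mailhost xinetd[19534]: START: smtp pid=12431 from=203.0.113.7
"""

START_RE = re.compile(r"xinetd\[\d+\]: START: (?P<service>\S+) pid=\d+ from=(?P<src>\S+)")

def normalize(src):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(src)
    return getattr(addr, "ipv4_mapped", None) or addr

def summarize(log_text, service, allowed_networks):
    """Return (connections per source, sources outside allowed_networks)."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    counts = Counter()
    for line in log_text.splitlines():
        m = START_RE.search(line)
        if m and m.group("service") == service:
            try:
                counts[normalize(m.group("src"))] += 1
            except ValueError:
                pass  # truncated or garbled address field: skip the line
    unexpected = {
        ip: n for ip, n in counts.items()
        if not any(ip.version == net.version and ip in net for net in nets)
    }
    return counts, unexpected

if __name__ == "__main__":
    # Assumption: only 192.0.2.0/24 is expected to connect to smtp on this host.
    counts, unexpected = summarize(SAMPLE_LOG, "smtp", ["192.0.2.0/24"])
    for ip, n in counts.most_common():
        flag = "UNEXPECTED" if ip in unexpected else "ok"
        print(f"{ip}\t{n}\t{flag}")
```

Run against the real file by passing the contents of /var/log/secure as `log_text`; the per-source counts show whether the daily volume comes from a few repeat sources or many one-off connections.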