On 12/15/97 at 3:48 PM -0500, you wrote:

> this is what you get if you *telnet* to the smtp port.  you can also
> run sendmail in the same mode (eg, smtp) from the command line.

Hm... Since the message said it came from "root@localhost", does this mean
that someone broke in, obtained root, and ran sendmail from a root shell?
My logs didn't say anything about anyone becoming root at that time - I was
on, at the time, and I didn't notice anything strange.

> so-and-so@localhost is what you get when sendmail can't do a
> getpeername() because it doesn't have one.  :)

What other ways are there to get that, besides running sendmail from the
command line? If that's the *only* way this error comes about, then it
seems like perhaps someone did break in, although I have no other traces
other than the mail logs. That would be a bit distressing. Root can't
telnet in - the only way to become root (that I know of) is to log in at
the console, or log in as a user in group wheel and su. For that to happen,
someone would have to have two passwords, and that's really unlikely, since
my root password has never gone out over the net, and it's a mixed-case
monstrosity anyway.

Here's my typical batch of processes running as root:

update, telnetd, sendmail, syslogd, cron, ksh, <ksh>, init, inetd,
<slattach>, <getty>, <portmap>



I'd love to have more ideas... What's the most likely explanation for this:

Dec 14 22:43:28 acheron sendmail[1464]: NOQUEUE: Null connection from
root@localhost

??? I know I didn't run it myself from the command line.

> fwiw - this was also a bug in paul vixie's rbl map code for sendmail.

I don't believe I'm running that... I'm running a fairly stock sendmail setup.

Thanks in advance for the help!

--
Mason Loring Bliss...mason@acheron.middleboro.ma.us...www.webtrek.com/mason
"In the drowsy dark cave of the mind dreams build their nest with fragments
 dropped from day's caravan."--Rabindranath Tagore...awake ? sleep : dream;