Subject: Re: sendmail (crackish?) error message question...
To: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
From: Andrew Brown <codewarrior@daemon.org>
List: netbsd-help
Date: 12/17/1997 14:02:44
>No, I don't run pine at all. I run elm sgid mail, where mail is a group
>that simply owns /var/mail, but that's it.
ah...the old "setgid mail" configuration... :)
>The thing to note here that makes it unlikely that it was an automated
>process trying to do something is the message that immediately preceded
>the one that's getting all the attention. Here they both are again:
>
>Dec 14 22:43:28 acheron sendmail[1464]: NOQUEUE: SYSERR: putoutmsg
>(user844.theonramp.net): error on output channel sending "220
>acheron.middleboro.ma.us ESMTP Sendmail 8.8.8/8.8.7; Sun, 14 Dec 1997
>22:43:28 -0500 (EST)": Broken pipe
>Dec 14 22:43:28 acheron sendmail[1464]: NOQUEUE: Null connection from
>root@localhost
hmm...same pid. although the first message notes the remote host (is
that the remote host or you?), the second one doesn't. peculiar...it
doesn't make sense. that's not a "null connection from localhost".
there is a small window in the sendmail code (daemon.c:307-317)

    t = select(DaemonSocket + 1, FDSET_CAST &readfds,
               NULL, NULL, &timeout);
    if (DoQueueRun)
        (void) runqueue(TRUE, FALSE);
    if (t <= 0 || !FD_ISSET(DaemonSocket, &readfds))
        continue;

    errno = 0;
    lotherend = socksize;
    t = accept(DaemonSocket,
        (struct sockaddr *)&RealHostAddr, &lotherend);

during which the server socket could become available for accept(),
but the accept() may not be able to return "RealHostAddr" info. i
*suppose* this might be a way to make the message come out, but your
sendmail notes the remote host name in the previous line, so i'm still
not certain that's it.
>Both messages occurred during the same *second*. This may be coincidence,
>but it seems really unlikely, since I never receive sendmail connections
>from the outside world - I send and receive everything through uucp, over a
>part-time dynamic ppp account.
so...you're not even using sendmail? perhaps you want to turn it off?
or, like me, add a line like this to your cf file:

    O DaemonPortOptions=Addr=127.0.0.1

i run sendmail (-bd -q30m) on my laptop so that mail can go out from
my laptop easily enough, but it should never have any cause to receive
email, so it doesn't listen for it. i can talk to it via the loopback
interface, but that's it.
>A friend of mine was here, essentially sitting next to me, on the console,
>and he was mudding. (I know he didn't have anything direct to do with the
>sendmail thing, as I saw what was on his screen, and he was engrossed with
>the mud.) What I *suspect* is that someone on his mud saw where he was
>coming from, and decided to check it out. I saw the message on the console
>right after it happened, and while I could ping the machine listed in the
>message, crawling up the ports gave me no information, as either the
>machine's running something other than Unix, or it's tightly bolted down,
>much like mine will be pretty soon. :)
could be...that's certainly something i might do to someone i met on
irc or a mud. :)
>I think one solution I'm definitely going to implement is to snag a copy of
>tcpwrappers and make just about everything available only to my local
>network. That would be a start, anyway. Nothing ever needs to initiate a
>connection from the outside world, and I feel that I can safely,
>universally, and unashamedly ban connections from theonramp.net. :)
how much of a network do you have anyway? my laptop is freebsd
(anxiously awaiting 1.3's release :) but i have it serving next to
nothing. and those things i am running have been hacked on (by yours
truly) to interact less with the outside network.
--
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan) * "ah! i see you have the internet
codewarrior@daemon.org that goes *ping*!"
warfare@graffiti.com * "information is power -- share the wealth."
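
Added example (not part of the original message): the "same pid" observation above can be checked mechanically by grouping sendmail NOQUEUE entries by pid, so that a "Null connection from root@localhost" entry is read next to the peer named by a putoutmsg failure from the same process. The two quoted log entries are unwrapped to one line each; the pid 1501 entry and the function and field names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two log entries quoted in the message, unwrapped
# to one line each, plus one unrelated entry (pid 1501) made up for contrast.
SAMPLE_LOG = """\
Dec 14 22:43:28 acheron sendmail[1464]: NOQUEUE: SYSERR: putoutmsg (user844.theonramp.net): error on output channel sending "220 acheron.middleboro.ma.us ESMTP Sendmail 8.8.8/8.8.7; Sun, 14 Dec 1997 22:43:28 -0500 (EST)": Broken pipe
Dec 14 22:43:28 acheron sendmail[1464]: NOQUEUE: Null connection from root@localhost
Dec 14 23:10:02 acheron sendmail[1501]: NOQUEUE: Null connection from root@localhost
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sendmail\[(?P<pid>\d+)\]: NOQUEUE: (?P<msg>.*)$"
)
PUTOUT_RE = re.compile(r"SYSERR: putoutmsg \((?P<peer>[^)]+)\): .*Broken pipe$")
NULL_RE = re.compile(r"Null connection from (?P<claimed>\S+)$")


def correlate(log_text):
    """Group NOQUEUE entries by sendmail pid and pair each 'Null connection'
    entry with the peer named by a putoutmsg failure from the same pid."""
    by_pid = defaultdict(lambda: {"peer": None, "peer_ts": None, "nulls": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = by_pid[m["pid"]]
        p = PUTOUT_RE.search(m["msg"])
        n = NULL_RE.search(m["msg"])
        if p:
            entry["peer"], entry["peer_ts"] = p["peer"], m["ts"]
        elif n:
            entry["nulls"].append((m["ts"], n["claimed"]))
    findings = []
    for pid, e in by_pid.items():
        for ts, claimed in e["nulls"]:
            findings.append({
                "pid": int(pid), "time": ts, "claimed": claimed,
                # None means no putoutmsg line from this pid names a peer
                "peer_from_putoutmsg": e["peer"],
                "same_second": e["peer_ts"] == ts,
            })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f)
```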