From owner-freebsd-questions Thu Feb 14 19:23: 1 2002 Delivered-To: freebsd-questions@freebsd.org Received: from ares.blahz.ab.ca (h24-64-95-79.cg.shawcable.net [24.64.95.79]) by hub.freebsd.org (Postfix) with SMTP id D54A437B416 for ; Thu, 14 Feb 2002 19:22:57 -0800 (PST) Received: (qmail 23064 invoked by uid 508); 15 Feb 2002 03:23:04 -0000 Received: from bsd-lists@blahz.ab.ca by ares.blahz.ab.ca with qmail-scanner-1.01 (sweep: 2.9/3.54. . Clean. Processed in 1.033019 secs); 15 Feb 2002 03:23:04 -0000 Received: from unknown (HELO zeus) (24.64.93.132) by h24-64-95-79.cg.shawcable.net with SMTP; 15 Feb 2002 03:23:03 -0000 From: "Mike Roest" To: "'Ozzie Gurkan'" , Subject: RE: Suspicious connection to yahoo.com port 25 from my machine??? Date: Thu, 14 Feb 2002 20:23:04 -0700 Message-ID: <000001c1b5d0$1781eba0$845d4018@zeus> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 In-Reply-To: <001b01c1b5ce$94c6c6f0$8119fea9@OGURKAN> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG That would be your sendmail daemon if you're actually using your machine as a mail server. As SMTP is runs on port 25, if you use the gateway as a SMTP server you send messages to port 25 on the gateway. It then opens an unrestricted port (>1024) and connects to port 25 of the MX server for yahoo. So are you by chance send email to either people who use yahoo for there email or to any Yahoo Groups? If so there is your answer, if not I would see if anyone else is sending email to people at yahoo, but I would say that that is your most likely explaination. --Mike -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Ozzie Gurkan Sent: Thursday, February 14, 2002 8:12 PM To: freebsd-questions@freebsd.org Subject: Suspicious connection to yahoo.com port 25 from my machine??? I supposedly have nothing running on my computer that would make a port 25 request except for the default daemons such as sendmail, sshd, ftpd, and telnetd. I also have mysqld, tomcat, and apache. I have been watching my router logs and the machine keeps going to port 25 from port 18xx on my machine. How do I find out what application is doing that on FreeBSD? Is it my time server? Thanks, Ozzie Gurkan Manheim Interactive Software Engineer 404-269-8776 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message