HPE Community
Operating System - HP-UX
1833056 Members
2431 Online
110049 Solutions
New Discussion

NOQUEUE in /var/adm/syslog/mail.log - what means ?

 
Rod White
Frequent Advisor

‎03-28-2006 11:19 AM

‎03-28-2006 11:19 AM

NOQUEUE in /var/adm/syslog/mail.log - what means ?

Hi to the Gurus

I noticed some entries in /var/adm/syslog/mail.log that have "NOQUEUE: Null connection from ..." followed by an IP address.

Not knowing what this meant I wrote a shell script to grep out the lines, cut the IP and put it into /etc/mail/DeniedIP where not already there. This built up a list of IP addresses that had NOQUEUE entries which were refused connection.

I had assumed that these entries may had been attempts to hack my mail server.

Can anyone tell me what the NOQUEUE entries are and whether I should ignore them as just an internet connection issue or treat them as a security issue ?

Thanks

Rod White
0 Kudos
Reply
4 REPLIES 4
Rajeev Shukla
Honored Contributor

‎03-28-2006 11:34 AM

‎03-28-2006 11:34 AM

Re: NOQUEUE in /var/adm/syslog/mail.log - what means ?

I guess the entry is something like this

NOQUEUE: Null connection from host.domain [IP.AD.DD.RESS]

This ususally means that that host.domain connected to your Sendmail server but didn't issue any commands.
If it happens sometimes you can ignore it. If it happens very often, it's either someone playing around or it's a network problem or some virus related issue with the host.domain host.

Regards
Rajeev
0 Kudos
Reply
Sandman!
Honored Contributor

‎03-28-2006 11:39 AM

‎03-28-2006 11:39 AM

Re: NOQUEUE in /var/adm/syslog/mail.log - what means ?

Either disable or comment out the ident timeout line in the /etc/mail/sendmail.cf file.

O Timeout.ident=0
or
#O Timeout.ident=

Comment out identd line in inetd.conf file and restart inetd with the "-c" switch.

cheers!
0 Kudos
Reply
Rod White
Frequent Advisor

‎03-29-2006 11:09 AM

‎03-29-2006 11:09 AM

Re: NOQUEUE in /var/adm/syslog/mail.log - what means ?

Sandman

in the sendmail.cf file the only two lines uncommented with values were the defaults of Timeout.queuewarm=4h and Timeout.queuereturn=5d

All other "O Timeout." lines were commented out.

As for the identd line in inetd.conf ..

In what way does removing the ident service effect the NOQUEUE issue in sendmail ?

What impact would stopping this service have on other system processes such as rlogin, ftp, nfs ?

in other words, what benefit to sendmail does turning off this service provide with respect to disadvantages in other processes.

Rod
0 Kudos
Reply
Rod White
Frequent Advisor

‎03-29-2006 11:14 AM

‎03-29-2006 11:14 AM

Re: NOQUEUE in /var/adm/syslog/mail.log - what means ?

Rajeev

I get around 10 distinct new IP addresses per day from the mail.log file tha have NOQUEUE.

In total the DeniedIP file now contains around 330 IPs collected.

Is there any other information in the mail.log entry that I could do a test on to see if it is a mail connection with a network issue rather than a spurious connection to this port (either hacker or virus) ?

Perhaps if I increased the Timeout.ident setting to overcome network timeouts from real mail servers and then ran the process this would then only pickup spurious connections ???????

Rod

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.