HPE Community
Operating System - HP-UX
1825782 Members
2180 Online
109687 Solutions
New Discussion

NOQUEUE

 
Timothy P. Jackson
Valued Contributor

‎10-17-2006 02:06 PM

‎10-17-2006 02:06 PM

NOQUEUE

Hello everyone!

I am generating the following entries in my /var/adm/syslog/mail.log. It seems to be putting one entry each minute.

hp5 sendmail[18253] NOQUEUE: Null Connection from [192.168.9.10]

Does any one have any idea what this means?

Any Help would be greatly appreciated.

Tim
0 Kudos
4 REPLIES 4
Patrick Wallek
Honored Contributor

‎10-17-2006 02:33 PM

‎10-17-2006 02:33 PM

Re: NOQUEUE

It looks like the machine at 192.168.9.10 is connecting, or attempting to connect to sendmail on your hp-ux host.

Have a look at this from the Sendmail FAQ at sendmail.org:
http://www.sendmail.org/faq/section4.html#4.18

If the IP address given is not local, then I would shut sendmail down on this machine unless it is absolutely necessary.

Remember that sendmail only needs to be running if you are receiving mail. If you just need to send mail from this server, then sendmail does NOT need to be running all the time.
0 Kudos
Steven E. Protter
Exalted Contributor

‎10-17-2006 06:39 PM

‎10-17-2006 06:39 PM

Re: NOQUEUE

Shalom,

By default sendmail is set up by HP-UX to accept external mail. This is a security hazard.

Also by default however, sendmail is configured to not permit relay of mail, which this message indicates has been attempted, even if accidently.

There is nothing from the security standpoint that need be done accept to edit /etc/rc.config.d/mailsvrs and set sendmail daemon option to 0 so it doesn't run any more.

/sbin/init.d/sendmail stop

Then contact the admin of the other system about this mail relay thing, thats a sign of poor systems administration (unless its you) and a potential security hazard.

:-)

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Matti_Kurkela
Honored Contributor

‎10-17-2006 07:48 PM

‎10-17-2006 07:48 PM

Re: NOQUEUE

Does the host 192.168.9.10 contain some sort of a network monitoring system? (If the answer is "not to your knowledge", then go and inspect that host. If you didn't change the IP address in the message you posted, I think that host is probably in your own network.)

"Null connection" means that the computer at the listed IP address is connecting to sendmail on hp5, but isn't actually transmitting anything; it just closes the connection immediately after establishing it. Some simple (or simplistic) network monitoring systems do that if they are configured to "check to see whether a service in TCP port X on host Y is running". Some services log null connections, some don't.

A regular once-a-minute polling would also suggest that this is an automatic action of some sort.

If the cause is a monitoring system and you don't want to disable the monitoring, you might want to pre-process your logs to remove the known non-interesting log entries before viewing and/or archiving the logs.
MK
0 Kudos
Timothy P. Jackson
Valued Contributor

‎10-18-2006 12:21 AM

‎10-18-2006 12:21 AM

Re: NOQUEUE

Thanks everyone for your inputs!

I was aware that sendmail did not have to be running to send mail via smart relay. I just had never seen this particular message before.

I am not the administator on this system so I will have them set the start flag to 0 and stop sendmail. Then they will have to find out why some thing is trying to connect to this system. This system only needs to have out going mail.

Thanks again for all you help
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.