Hi, folks.
I've been using stunnel on our mail server (sendmail, spamassassin, clamav, mailscanner, mailwatch). I note the following being written to syslog, and wonder if stunnel is causing it:
Mar 29 14:07:31 mail1 su(pam_unix)[29493]: session closed for user nobody
Mar 29 14:08:00 mail1 stunnel: LOG5[15993:3076422576]: pop3s accepted connection from 192.168.100.58:1723
Mar 29 14:08:00 mail1 stunnel: LOG5[15993:3076422576]: pop3s connected remote server from 127.0.0.1:33540
Mar 29 14:08:00 mail1 stunnel: LOG5[15993:3076422576]: Connection closed: 138 bytes sent to SSL, 42 bytes sent to socket
Mar 29 14:08:43 mail1 su(pam_unix)[29640]: session opened for user nobody by (uid=0)
Mar 29 14:08:43 mail1 su(pam_unix)[29640]: session closed for user nobody
Mar 29 14:09:00 mail1 stunnel: LOG5[15993:3076422576]: pop3s accepted connection from 192.168.100.58:1724
Mar 29 14:09:00 mail1 stunnel: LOG5[15993:3076422576]: pop3s connected remote server from 127.0.0.1:33544
Mar 29 14:09:00 mail1 stunnel: LOG5[15993:3076422576]: Connection closed: 138 bytes sent to SSL, 42 bytes sent to socket
Mar 29 14:10:00 mail1 stunnel: LOG5[15993:3076422576]: pop3s accepted connection from 192.168.100.58:1725
Mar 29 14:10:00 mail1 stunnel: LOG5[15993:3076422576]: pop3s connected remote server from 127.0.0.1:33546
Mar 29 14:10:00 mail1 stunnel: LOG5[15993:3076422576]: Connection closed: 138 bytes sent to SSL, 42 bytes sent to socket
Mar 29 14:10:11 mail1 su(pam_unix)[30025]: session opened for user nobody by (uid=0)
Mar 29 14:10:11 mail1 su(pam_unix)[30025]: session closed for user nobody
Mar 29 14:10:33 mail1 su(pam_unix)[30075]: session opened for user nobody by (uid=0)
Mar 29 14:10:33 mail1 su(pam_unix)[30075]: session closed for user nobody
Mar 29 14:11:00 mail1 stunnel: LOG5[15993:3076422576]: pop3s accepted connection from 192.168.100.58:1726
Mar 29 14:11:00 mail1 stunnel: LOG5[15993:3076422576]: pop3s connected remote server from 127.0.0.1:33559
Mar 29 14:11:00 mail1 stunnel: LOG5[15993:3076422576]: Connection closed: 138 bytes sent to SSL, 42 bytes sent to socket
Mar 29 14:11:03 mail1 su(pam_unix)[30206]: session opened for user nobody by (uid=0)
Mar 29 14:11:03 mail1 su(pam_unix)[30206]: session closed for user nobody
Mar 29 14:11:06 mail1 su(pam_unix)[30215]: session opened for user nobody by (uid=0)
Mar 29 14:11:06 mail1 su(pam_unix)[30215]: session closed for user nobody
It's the sessions opened and closed for the user nobody that has me concerned. stunnel appears to be the only process being run by the user nobody. If, in fact, this is caused by stunnel, do I keep these (and only these) session opened/closed instances from being logged?
Thanks.
Dimitri
--
This message has been scanned for viruses and
dangerous content by
MailScanner, and is
believed to be clean.