SUMMARY: identd explanation? (& email relay probes)

From: Dan Kirkpatrick <dkirk_at_suhep.phy.syr.edu>
Date: Tue, 15 Jun 1999 11:39:47 -0400

Turns out the identd was identifying the remote sender when using this machine
as a mail relay.

I found that an Apache web server was running at 199.0.22.2:
"The Internet Mail Relay Services Survey Project is a self-funded
all-volunteer project whose intent is to collect information regarding
so-called Open E-mail Relay Servers on the Internet."

Anyone ever heard of this? Sounds like it could be used maliciously... but
so far it's only been a few probes the last 6 months.... no abuse of open
email relay server... YET. Time to upgrade sendmail on this one.

Here's a quick explanation that Rob McCauley sent me on inetd:
> The normal TCP/IP stack only provides information on the IP address
>of the remote machine. In some cases the remote site wants to figure
>out which *user* owns the communication channel. In this case the
>identd (identity daemon) is connected, and based on the socket number
>it returns the user name that that socket belongs to.
> If you are worried, disable identd (probably through inetd.conf). Should
>not hurt anything as running identd is not mandatory, many O/S-es do
>not even have it.


and my original question:

>We have the following message in our logs...
>what does it mean and what is the purpose of identd?
>
>Jun 15 04:18:38 <machine> identd[2322]: Connection from 199.0.22.2
>Jun 15 04:18.38 <machine> identd[2322]: Successful lookup: 1777,25:root
>
>Thanks,
>Dan

--------------------------------------------------------------------------
Dan Kirkpatrick dkirk_at_phy.syr.edu
Computer Systems Manager
Department of Physics
Syracuse University, Syracuse, NY
http://www.phy.syr.edu/~dkirk Fax: (315) 443-9103
--------------------------------------------------------------------------
Received on Tue Jun 15 1999 - 15:48:50 NZST
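
Added example (not part of the original message or written by its author): a small Python audit of identd syslog entries that pairs each "Connection from" line with the lookup answered by the same identd process, showing which remote host learned which local user name. It assumes the logged pair is in RFC 1413 query order (port on this host, then port on the requesting host); the function name and the second pair of log entries are constructed for illustration.

```python
import re

# First two lines are the ones quoted in the message; the rest are constructed.
SAMPLE_LOG = """\
Jun 15 04:18:38 <machine> identd[2322]: Connection from 199.0.22.2
Jun 15 04:18.38 <machine> identd[2322]: Successful lookup: 1777,25:root
Jun 15 09:02:11 <machine> identd[2410]: Connection from 192.0.2.7
Jun 15 09:02:11 <machine> identd[2410]: Successful lookup: 3051 , 6667 : alice
Jun 15 09:05:00 <machine> sendmail[2500]: unrelated entry
"""

LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:.]+\s+\S+\s+identd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
CONNECT = re.compile(r"^Connection from (\S+)$")
LOOKUP = re.compile(r"^Successful lookup:\s*(\d+)\s*,\s*(\d+)\s*:\s*(\S+)$")


def disclosures(log_text):
    """Return one record per user name that identd handed to a remote host."""
    peer_by_pid = {}  # identd pid -> address from its "Connection from" line
    found = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # not an identd entry
        pid, msg = line["pid"], line["msg"]
        conn = CONNECT.match(msg)
        if conn:
            peer_by_pid[pid] = conn[1]
            continue
        look = LOOKUP.match(msg)
        if not look:
            continue
        local_port, remote_port, user = int(look[1]), int(look[2]), look[3]
        notes = []
        if user == "root":
            notes.append("root-owned socket disclosed")
        if remote_port == 25:  # assumption: second number is the requester's port
            notes.append("outbound SMTP connection to requester")
        found.append({"requester": peer_by_pid.get(pid),  # None if no Connection line
                      "local_port": local_port, "remote_port": remote_port,
                      "user": user, "notes": notes})
    return found


if __name__ == "__main__":
    for d in disclosures(SAMPLE_LOG):
        print(d["requester"], d["local_port"], d["remote_port"], d["user"], d["notes"])
```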
