xinetd messages in /var/log/messages

We seem to be getting a lot of these entries in /var/log/messages (every few seconds).

Does this look like incoming activity (i.e. machines looking to send smtp to us) or outgoing (maybe some virus spamming outbound)?

Apr 26 12:34:47 mybox xinetd[3475]: START: smtp pid=22547 from=x.x.x.x
Apr 26 12:34:49 mybox xinetd[3475]: START: smtp pid=22548 from=x.x.x.x
Apr 26 12:34:49 mybox xinetd[3475]: START: smtp pid=22549 from=x.x.x.x
Apr 26 12:34:50 mybox xinetd[3475]: START: smtp pid=22550 from=x.x.x.x
Apr 26 12:34:52 mybox xinetd[3475]: START: smtp pid=22551 from=x.x.x.x
Apr 26 12:34:53 mybox xinetd[3475]: EXIT: smtp status=0 pid=22500 duration=31(sec)
Apr 26 12:34:56 mybox xinetd[3475]: EXIT: smtp status=0 pid=22502 duration=32(sec)

It looks like these are being generated by a bunch of rblsmtpd processes, e.g.

root     22954  3475  0 12:44 ?        00:00:00 /usr/sbin/rblsmtpd -r whois.rfc-ignorant.org -r bl.spamcop.net -r sbl.spamhaus.org -r xbl.spamhaus.org -r psbl.surriel.com /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

Which in turn are children of
root      3475     1  0  2009 ?        00:45:15 xinetd -stayalive -pidfile /var/run/xinetd.pid

Can someone offer an explanation?

Thanks
BT
brothertom Asked:

thedwill Commented:
Looks pretty normal to me.  Are all the IPs (x.x.x.x) the same?
Could be the big bad Internet trying to relay or legitimate inbound traffic.

brothertom (Author) Commented:
No, the x.x.x.x are different.
What I really need to know is this - does this log entry indicate incoming SMTP or outgoing SMTP attempts?
Also, I don't understand what xinetd is bringing to the party.

jools (Senior Systems Administrator) Commented:
It seems to be coming from rblsmtp so may be worth checking the software, it seems like some sort of blacklisting tool but I've not used it myself.
brothertom (Author) Commented:
I believe it's part of the anti-spam mechanism.   Any thoughts on the direction of SMTP traffic shown in the log?  I'm assuming it's incoming because there would be no need to log outgoing SMTP.
jools (Senior Systems Administrator) Commented:
Have you done whois/nslookups on the smtp ip addresses?
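Added example (not part of the original thread): xinetd writes a START line each time it accepts a connection on a port it listens on and launches the configured service, with from= being the remote peer, and an EXIT line when that child ends. The sketch below pairs the two by pid to get connections per client and session lengths; the function name summarize and the sample addresses (RFC 5737 documentation ranges) are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in the same format as the lines quoted in the question;
# the addresses are documentation addresses, not values from the thread.
SAMPLE = """\
Apr 26 12:34:16 mybox xinetd[3475]: START: smtp pid=22500 from=192.0.2.10
Apr 26 12:34:18 mybox xinetd[3475]: START: smtp pid=22502 from=198.51.100.7
Apr 26 12:34:19 mybox xinetd[3475]: START: smtp pid=22503 from=192.0.2.10
Apr 26 12:34:20 mybox xinetd[3475]: START: pop3 pid=22504 from=203.0.113.5
Apr 26 12:34:47 mybox xinetd[3475]: EXIT: smtp status=0 pid=22500 duration=31(sec)
Apr 26 12:34:50 mybox xinetd[3475]: EXIT: smtp status=0 pid=22502 duration=32(sec)
"""

START = re.compile(r"xinetd\[\d+\]: START: (\S+) pid=(\d+) from=(\S+)")
EXIT = re.compile(r"xinetd\[\d+\]: EXIT: (\S+) status=(\d+) pid=(\d+) duration=(\d+)\(sec\)")

def summarize(text, service="smtp"):
    """Pair START/EXIT records by pid; return (per-client counts, sessions, open pids)."""
    open_by_pid = {}        # pid -> client address for sessions not yet closed
    per_client = Counter()  # accepted connections per remote address
    sessions = []           # (client, duration_sec, exit_status)
    for line in text.splitlines():
        m = START.search(line)
        if m:
            if m.group(1) == service:
                open_by_pid[m.group(2)] = m.group(3)
                per_client[m.group(3)] += 1
            continue
        m = EXIT.search(line)
        if m and m.group(1) == service:
            # EXIT lines carry no address; recover it from the matching START.
            # None means the START was written before this log excerpt begins.
            client = open_by_pid.pop(m.group(3), None)
            sessions.append((client, int(m.group(4)), int(m.group(2))))
    return per_client, sessions, open_by_pid

if __name__ == "__main__":
    clients, sessions, still_open = summarize(SAMPLE)
    for addr, n in clients.most_common():
        print(f"{addr}: {n} inbound connection(s)")
    for client, secs, status in sessions:
        print(f"closed: client={client} duration={secs}s status={status}")
    print("still open:", still_open)
```

A single address that dominates the per-client count, or many sessions that all run to the same duration, is what to feed into the whois/nslookup check suggested above.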