[Dovecot] rkhunter alert dovecot using port 1984
mark at campbell-lange.net
Wed Mar 16 11:54:42 EET 2011
I've had another one this morning (on port 2006), and can see it's still open
mailhub:~# netstat -tulnap | grep 2006
tcp 0 0 10.0.0.24:143 10.0.3.96:2006 ESTABLISHED 19372/imap
This all looks ok - The client should be communicating over a higher port
On Wed, Mar 09, 2011 at 08:23:40PM +0200, Timo Sirainen wrote:
> On 8.3.2011, at 12.43, Mark Adams wrote:
> > Warning: Network TCP port 1984 is being used by /usr/lib/dovecot/imap.
> > Possible rootkit: Fuckit Rootkit
> > Use the 'lsof -i' or 'netstat -an' command to check this.
> > Does dovecot use this port for any reason? anyone seen this before?
> No & no.
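
The check done by eye in the netstat output above, as an added example that is not part of the original thread: it reads `netstat -tulnap` lines and reports whether a flagged port is bound on this host or is only the remote peer's source port. The first sample line is taken from the post; the other two lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tell a locally bound port apart from a
# remote peer's source port in `netstat -tulnap` output.
# Columns: proto recv-q send-q local-address foreign-address [state] pid/program

classify_port() {
    # $1 = port number flagged by the scanner; netstat lines are read from stdin.
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            # Take the last ":"-separated piece so IPv6 addresses also work.
            n = split($4, l, ":"); lport = l[n]
            m = split($5, r, ":"); rport = r[m]
            if (lport == port)
                printf "local %s %s\n", $4, $NF    # this host is bound to the port
            else if (rport == port)
                printf "remote %s %s\n", $5, $NF   # the peer chose it as source port
        }'
}

sample_netstat() {
    # Line 1 is from the post; lines 2 and 3 are constructed sample data.
    cat <<'EOF'
tcp 0 0 10.0.0.24:143 10.0.3.96:2006 ESTABLISHED 19372/imap
tcp 0 0 10.0.0.24:143 10.0.3.96:1984 ESTABLISHED 19401/imap
tcp 0 0 0.0.0.0:1984 0.0.0.0:* LISTEN 4242/example
EOF
}

# On a live host: netstat -tulnap | classify_port 1984
sample_netstat | classify_port 1984
```

A "remote" result means the process is serving its normal port and the flagged number belongs to the client side of the connection; only a "local" result shows something on this host bound to the flagged port.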