On Sat, September 9, 2023 2:42 am, Matus UHLAR - fantomas via Postfix-users wrote: > On 08.09.23 23:13, lists--- via Postfix-users wrote:
Matus, Viktor, thanks > logs from unsuccessful attempts are important, not from the one that > succeeded. is there some proper way to identify that..? looking at lines immediately above I see like, I screen scrapped lines immediately above: Sep 8 16:40:34 geko postfix/qmgr[1654]: 708204346EE: removed Sep 8 16:40:37 geko postfix/postscreen[21264]: CONNECT from [111.222.333.444]:50452 to [103.106.168.106]:25 Sep 8 16:40:37 geko postfix/postscreen[21264]: PASS OLD [111.222.333.444]:50452 Sep 8 16:40:37 geko postfix/smtpd[15732]: connect from unknown[111.222.333.444] Sep 8 16:40:37 geko postfix/smtpd[15732]: Anonymous TLS connection established from unknown[111.222.333.444]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bitsSep 8 16:40:37 geko postfix/smtpd[15732]: lost connection after STARTTLS from unknown[111.222.333.444] Sep 8 16:40:37 geko postfix/smtpd[15732]: disconnect from unknown[111.222.333.444] ehlo=1 starttls=1 commands=2 Sep 8 16:40:46 geko postfix/smtpd[15519]: connect from unknown[111.222.333.444] Sep 8 16:40:46 geko postfix/smtpd[15519]: Anonymous TLS connection established from unknown[111.222.333.444]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 Sep 8 16:40:47 geko postfix/smtpd[15519]: 2556C4346EC: client=unknown[111.222.333.444], sasl_method=PLAIN, sasl_username=i...@tld.com.au Sep 8 16:44:24 geko postfix/anvil[1945]: statistics: max connection rate 4/3600s for (smtpd:185.222.58.40) at Sep 8 16:40:22 Sep 8 16:44:24 geko postfix/anvil[1945]: statistics: max connection count 3 for (smtpd:185.222.58.40) at Sep 8 16:40:19 Sep 8 16:41:06 geko postfix/smtpd[15519]: lost connection after DATA (0 bytes) from unknown[111.222.333.444] Sep 8 16:41:06 geko postfix/smtpd[15519]: disconnect from unknown[111.222.333.444] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=0/1 commands=6/7 Sep 8 16:41:24 geko postfix/smtpd[15518]: connect from unknown[111.222.333.444] Sep 8 16:41:25 geko postfix/smtpd[15518]: Anonymous TLS connection established from unknown[111.222.333.444]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 Sep 8 16:41:25 geko postfix/smtpd[15518]: C92564346E5: client=unknown[111.222.333.444], sasl_method=PLAIN, sasl_username=i...@tld.com.au Sep 8 16:41:31 geko postfix/cleanup[15407]: C92564346E5: message-id=<b56e4fde-f4c5-f0cb-076b-fdf4878c9...@tld.com> > > so, your users send mail on port 25? hmmm... supposed to be using 587... > >> Sep 8 16:41:31 geko postfix/cleanup[15407]: C92564346E5: >> message-id=<b56e4fde-f4c5-f0cb-076b-fdf4878c9...@tld.com> > > this one took 6 seconds. > >> Sep 8 16:41:31 geko opendkim[910]: C92564346E5: DKIM-Signature field >> added (s=default, d=tld.com) > > and you run opendkim (milter) on that? any other milters? dkim/dmarc _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
