On Sat, September 9, 2023 2:42 am, Matus UHLAR - fantomas via
Postfix-users wrote:
On 08.09.23 23:13, lists--- via Postfix-users wrote:
logs from unsuccessful attempts are important, not from the one that
succeeded.
On 09.09.23 20:03, lists--- via Postfix-users wrote:
is there some proper way to identify that..?
your IP address could help that.
looking at lines immediately
above I see like, I screen scraped lines immediately above:
Sep 8 16:40:37 geko postfix/postscreen[21264]: CONNECT from
[111.222.333.444]:50452 to [103.106.168.106]:25
[...]
Sep 8 16:40:37 geko postfix/smtpd[15732]: disconnect from
unknown[111.222.333.444] ehlo=1 starttls=1 commands=2
this is connection from the random internet IP.
Sep 8 16:40:46 geko postfix/smtpd[15519]: connect from
unknown[111.222.333.444]
Sep 8 16:40:46 geko postfix/smtpd[15519]: Anonymous TLS connection
established from unknown[111.222.333.444]: TLSv1.3 with cipher
TLS_AES_128_GCM_SHA256 (128/128
Sep 8 16:40:47 geko postfix/smtpd[15519]: 2556C4346EC:
client=unknown[111.222.333.444], sasl_method=PLAIN,
sasl_username=i...@tld.com.au
Sep 8 16:44:24 geko postfix/anvil[1945]: statistics: max connection rate
4/3600s for (smtpd:185.222.58.40) at Sep 8 16:40:22
Sep 8 16:44:24 geko postfix/anvil[1945]: statistics: max connection count
3 for (smtpd:185.222.58.40) at Sep 8 16:40:19
Sep 8 16:41:06 geko postfix/smtpd[15519]: lost connection after DATA (0
bytes) from unknown[111.222.333.444]
Sep 8 16:41:06 geko postfix/smtpd[15519]: disconnect from
unknown[111.222.333.444] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=0/1
commands=6/7
did you reorder those lines? look at timestamps.
However, this looks like user i...@tld.com.au logged in and dropped the
connection 19 seconds later. Perhaps they were unsatisfied with sending
mail taking so long.
Sep 8 16:41:24 geko postfix/smtpd[15518]: connect from
unknown[111.222.333.444]
Sep 8 16:41:25 geko postfix/smtpd[15518]: Anonymous TLS connection
established from unknown[111.222.333.444]: TLSv1.3 with cipher
TLS_AES_128_GCM_SHA256 (128/128
Sep 8 16:41:25 geko postfix/smtpd[15518]: C92564346E5:
client=unknown[111.222.333.444], sasl_method=PLAIN,
sasl_username=i...@tld.com.au
Sep 8 16:41:31 geko postfix/cleanup[15407]: C92564346E5:
message-id=<b56e4fde-f4c5-f0cb-076b-fdf4878c9...@tld.com>
so, your users send mail on port 25?
hmmm... supposed to be using 587...
if you properly uncommented submission service in master.cf, the smtp should
log as postfix/smtps/smtpd or postfix/submission/smtpd
or your user used port 25 which is used for server-server mail transfer and
may have different setup.
I e.g. use postscreen (which sometimes adds 6-seconds delay) and also spam
and virus checking milters (like amavisd-milter) on 25. This takes much time.
on port 587/465 I tend to use amavis as content_filter, which means mail is
received from user and filtered afterwards. This makes apparent receiving
mail from client much faster.
Sep 8 16:41:31 geko opendkim[910]: C92564346E5: DKIM-Signature field
added (s=default, d=tld.com)
and you run opendkim (milter) on that? any other milters?
dkim/dmarc
amavisd can also dkim-sign message so I don't need these on such servers.
(no problem if you use them on 25 tho)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
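
Added example, not part of the thread or of Postfix: a Python sketch of the log check discussed above. It groups smtpd lines into sessions by process ID, flags SASL logins logged by the plain `postfix/smtpd` service rather than `postfix/submission/smtpd`, and reports commands that failed or connections that were lost. The sample log is constructed (documentation IP, made-up user and queue IDs) and the field names in the result are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted in the thread (not real data).
SAMPLE = """\
Sep  8 16:40:46 mx postfix/smtpd[15519]: connect from unknown[192.0.2.10]
Sep  8 16:40:47 mx postfix/smtpd[15519]: 2556C4346EC: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.com
Sep  8 16:41:06 mx postfix/smtpd[15519]: lost connection after DATA (0 bytes) from unknown[192.0.2.10]
Sep  8 16:41:06 mx postfix/smtpd[15519]: disconnect from unknown[192.0.2.10] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=0/1 commands=6/7
Sep  8 16:42:00 mx postfix/submission/smtpd[15600]: connect from unknown[192.0.2.10]
Sep  8 16:42:01 mx postfix/submission/smtpd[15600]: 3A1B2C3D4E5: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.com
Sep  8 16:42:03 mx postfix/submission/smtpd[15600]: disconnect from unknown[192.0.2.10] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

# Service is "smtpd" or "<syslog_name suffix>/smtpd" (e.g. "submission/smtpd").
LINE = re.compile(r"postfix/(?P<svc>(?:\w+/)?smtpd)\[(?P<pid>\d+)\]: (?P<msg>.*)")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def analyze(text):
    """Return one dict per finished smtpd session, keyed internally by (service, pid)."""
    open_sessions, done = defaultdict(dict), []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # postscreen, anvil, cleanup, opendkim lines are ignored here
        key, msg = (m["svc"], m["pid"]), m["msg"]
        s = open_sessions[key]
        s.setdefault("service", m["svc"])
        if (u := re.search(r"sasl_username=(\S+)", msg)):
            s["user"] = u[1]
        elif msg.startswith("lost connection after "):
            s["lost_after"] = msg.split()[3]
        elif msg.startswith("disconnect from "):
            s["client"] = msg.split()[2]
            # "data=0/1" means 0 of 1 DATA commands succeeded.
            s["failed"] = sorted(c for c, ok, total in COUNTER.findall(msg)
                                 if total and c != "commands" and int(ok) < int(total))
            # Authenticated, but logged by the plain smtpd service.
            s["auth_on_plain_smtpd"] = "user" in s and s["service"] == "smtpd"
            done.append(open_sessions.pop(key))
    return done

if __name__ == "__main__":
    for session in analyze(SAMPLE):
        print(session)
```
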