Jim Seymour via Postfix-users:
> Secondly: Does the occurrence of any of them, following a CONNECT
> message, imply the connection has been dropped by postscreen?
No. You know that postscreen drops a conenction (i.e. does not
pass it to an smtpd process) when it logs:
HANGUP from clientaddr:clientport
DISCONNECT from clientaddr:clientport
But you can't know what connections postscreen was handling
when the process (or the system) was killed.
You know that postscreen passes a connection to an smtpd process
when it logs:
PASS NEW clientaddr:clientport
PASS OLD clientaddr:clientport
In postscreen logs, each connection has its own sequence of events
(CONNECT, DNSBL, PREGREET, etc). Event sequences from different
connections will overlap in time.
CONNECT from clientaddr1:clientport1 to serveraddr1:serverport1
CONNECT from clientaddr1:clientport2 to serveraddr1:serverport1
PREGEET ... from clientaddr1:port1
CONNECT from clientaddr1:clientport3 to serveraddr1:serverport1
HANGUP from clientaddr1:port1
DISCONNECT from clientaddr1:port1
...
Event sequences can usually be grouped by clientaddr:clientport but
it is possible that some perverted client uses the same client port
and IP address in successive connections.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
