Noel Jones put forth on 8/11/2010 6:20 AM: > This is logged when the client disconnected in the middle of the > transaction -- postfix lost the connection -- NOT a reject. > > You won't find reject log entries for the lost connections after EHLO or > CONNECT, although the ones for RCPT and DATA *might* be proceeded by > rejects. > > This can be confusing because typically most of the lost connections are > zombies/bots that you would reject anyway.
Are you sure about that Noel? Aug 8 13:22:49 greer postfix/smtpd[14798]: connect from 59-126-95-178.pool.ukrtel.net[178.95.126.59] Aug 8 13:22:50 greer postfix/smtpd[14798]: NOQUEUE: reject: RCPT from 59-126-95-178.pool.ukrtel.net[178.95.126.59]: 554 5.7.1 <59-126-95-178.pool.ukrtel.net[178.95.126.59]>: Client host rejected: Generic - Please relay via ISP (ukrtel.net); from=<i...@hardwarefreak.com> to=<i...@hardwarefreak.com> proto=SMTP helo=<59-126-95-178.pool.ukrtel.net> Aug 8 13:22:50 greer postfix/smtpd[14798]: lost connection after RCPT from 59-126-95-178.pool.ukrtel.net[178.95.126.59] Aug 8 13:22:50 greer postfix/smtpd[14798]: disconnect from 59-126-95-178.pool.ukrtel.net[178.95.126.59] This example clearly shows the disconnect at RCPT was due to a rejection. This example was in my previous list. And how about this one? Aug 10 23:02:46 greer postfix/smtpd[30689]: connect from unknown[113.91.134.58] Aug 10 23:02:47 greer postfix/smtpd[30689]: NOQUEUE: reject: RCPT from unknown[113.91.134.58]: 554 5.7.1 <unknown[113.91.134.58]>: Client host rejected: Mail not accepted from China; from=<thei...@robertharding.com> to=<s...@hardwarefreak.com> proto=ESMTP helo=<QOYCLTMTN> Aug 10 23:02:48 greer postfix/smtpd[30689]: lost connection after DATA (0 bytes) from unknown[113.91.134.58] Aug 10 23:02:48 greer postfix/smtpd[30689]: disconnect from unknown[113.91.134.58] Again, the disconnection was due to rejection. This one was also in my previous example. In fact, every one of my rejections shows a disconnect stamp pretty much identical to those which are simply clients prematurely disconnecting for whatever reason. This leads me to believe the SMTP stage of disconnection is logged for all disconnects, including those due to rejections. I guess we'll find out when Wietse jumps in to educate us on this. -- Stan
