Hi list,

I searched the forum looking for some ideas about the following error
that is becoming increasingly frequent in my POSTFIX deployment:

Aug 20 08:41:40 prometeu postfix/smtpd[16568]: lost connection after EHLO from mail2.netpoint.com.br[187.16.24.50]
Aug 20 08:43:13 prometeu postfix/smtpd[15433]: lost connection after EHLO from smtp1.mailcorp.net.br[200.143.7.75]
Aug 20 08:45:34 prometeu postfix/smtpd[17243]: lost connection after EHLO from autodiscover.nitropdf.com[66.77.245.20]
Aug 20 08:45:51 prometeu postfix/smtpd[17244]: lost connection after EHLO from s1-11.rb4.clm.centurytel.net[69.29.39.11]
Aug 20 08:46:17 prometeu postfix/smtpd[15569]: lost connection after EHLO from mail3.bts.it[89.96.242.37]
Aug 20 08:48:41 prometeu postfix/smtpd[18366]: lost connection after EHLO from c9067602.static.spo.virtua.com.br[201.6.118.2]
Aug 20 08:49:22 prometeu postfix/smtpd[15433]: lost connection after EHLO from mx2.gruppen.com.br[200.187.151.84]
Aug 20 08:50:23 prometeu postfix/smtpd[13773]: lost connection after EHLO from mail.perfil.inf.br[200.174.163.227]
Aug 20 08:50:43 prometeu postfix/smtpd[11937]: lost connection after EHLO from unknown[200.196.73.74]
Aug 20 08:51:35 prometeu postfix/smtpd[18326]: lost connection after EHLO from mail.grupofatima.com.br[201.72.146.130]

I have been running the same Postfix installation for 3 years at least,
using version postfix-2.3.3-2.1.el5_2.

I tried the following actions:

- my IPTABLES firewall is running on the same server, allowing TCP 25
and 465 INBOUND and OUTBOUND.
- my corporate firewall accepts all IP packets INBOUND and OUTBOUND
from the internet to the POSTFIX server (it's an H3C SecPath 1000-S)

I read on this forum that this could happen because POSTFIX is under
heavy load. How can I discover that?

Also, I would like to know how I can generate logs in order to discover
why the HELO command is fine and EHLO is not.

Something about the SMTPD TLS configuration?

Thanks for all,

--
Klaus Engelmann
CCNA CCDA - CSCO10971632
LPIC-2 - LPI000138061


My main.cf generated by postconf -n is:

alias_database = hash:/etc/postfix/aliasDB/aliases
alias_maps = hash:/etc/postfix/aliasDB/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_privs = vmail
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/headerChecks/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20971520
mime_header_checks = regexp:/etc/postfix/headerChecks/mime_header_checks
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = ufcspa.edu.br
myhostname = prometeu.ufcspa.edu.br
mynetworks = 172.16.1.1/32, 127.0.0.0/8, 172.16.0.0/16
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains =
relayhost =
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 15
smtpd_client_message_rate_limit = 25
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_error_sleep_time = 20s
smtpd_hard_error_limit = 3
smtpd_helo_required = yes
smtpd_junk_command_limit = 1
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/whitelist/rbl_whitelist,
    check_sender_access hash:/etc/postfix/whitelist/user_restrictions,
    check_recipient_access hash:/etc/postfix/whitelist/recipient_access,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    check_helo_access regexp:/etc/postfix/helo-blacklist/smtp_helo_blacklist,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unlisted_recipient,
    reject_unknown_recipient_domain,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client b.barracudacentral.org,
    check_policy_service unix:private/spfpolicy,
    check_policy_service inet:127.0.0.1:2501,
    permit
smtpd_reject_unlisted_recipient = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 1
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/certPostfix.pem
smtpd_tls_key_file = /etc/postfix/ssl/keyPostfix.pem
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:/etc/postfix/ldap/valias.cf
virtual_gid_maps = static:200
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = fffcmpa.edu.br ufcspa.edu.br
virtual_mailbox_maps = ldap:/etc/postfix/ldap/vmaps.cf
virtual_transport = dovecot
virtual_uid_maps = static:200
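
Added example, not part of the original post: one way to approach the load question raised above is to tally the "lost connection after ..." entries by SMTP stage, client address and minute, so a burst or a recurring peer stands out. The sample input is constructed from log lines in the post plus one invented RCPT line, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: three entries copied from the post's log excerpt (one left
# wrapped as a mail client would wrap it) plus one invented "after RCPT" entry
# using the documentation address 203.0.113.9.
SAMPLE_LOG = """\
Aug 20 08:41:40 prometeu postfix/smtpd[16568]: lost connection after EHLO from mail2.netpoint.com.br[187.16.24.50]
Aug 20 08:43:13 prometeu postfix/smtpd[15433]: lost connection after
EHLO from smtp1.mailcorp.net.br[200.143.7.75]
Aug 20 08:49:22 prometeu postfix/smtpd[15433]: lost connection after EHLO from mx2.gruppen.com.br[200.187.151.84]
Aug 20 08:49:40 prometeu postfix/smtpd[15433]: lost connection after RCPT from unknown[203.0.113.9]
"""

# Timestamp is captured to the minute so entries can be bucketed per minute.
LOST_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s+\S+\s+postfix/smtpd\[\d+\]:\s+"
    r"lost connection after (?P<stage>.+?) from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]"
)
NEW_ENTRY_RE = re.compile(r"^\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}\s")

def unwrap(text):
    """Rejoin syslog entries that were wrapped onto a second line."""
    entries = []
    for line in text.splitlines():
        if NEW_ENTRY_RE.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Count lost connections by SMTP stage, client IP and minute."""
    by_stage, by_ip, by_minute = Counter(), Counter(), Counter()
    for entry in unwrap(text):
        m = LOST_RE.match(entry)
        if not m:
            continue  # not a "lost connection" entry
        by_stage[m["stage"]] += 1
        by_ip[m["ip"]] += 1
        by_minute[m["ts"]] += 1
    return by_stage, by_ip, by_minute

if __name__ == "__main__":
    stages, ips, minutes = summarize(SAMPLE_LOG)
    print("by stage:", dict(stages))
    print("busiest minutes:", minutes.most_common(3))
    print("repeat clients:", [ip for ip, n in ips.items() if n > 1])
```

Clients that recur in the tally are candidates for Postfix's debug_peer_list parameter, which raises logging verbosity for the listed peers by debug_peer_level.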
