This is happening to many clients that are trying to deliver to my domain.

This is a pretty straightforward example of a connection and failure.
This is not spam, it's verified legitimate traffic from another .edu
that successfully delivers to other domains.

Mar 10 12:12:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] connect
from unknown[128.180.2.160]
Mar 10 12:12:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
match_hostaddr: 128.180.2.160 ~? 127.0.0.0/8
Mar 10 12:12:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
match_hostaddr: 128.180.2.160 ~? 130.68.1.0/24
Mar 10 12:12:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
match_hostaddr: 128.180.2.160 ~? 130.68.2.0/24
Mar 10 12:12:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
match_list_match: 128.180.2.160: no match
Mar 10 12:12:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] send
attr ident = smtp:128.180.2.160
Mar 10 12:12:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] >
unknown[128.180.2.160]: 220 smtp-in.montclair.edu ESMTP Postfix
Mar 10 12:17:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] >
unknown[128.180.2.160]: 421 4.4.2 smtp-in.montclair.edu Error: timeout
exceeded
Mar 10 12:17:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
match_hostaddr: 128.180.2.160 ~? 127.0.0.0/8
Mar 10 12:17:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
match_hostaddr: 128.180.2.160 ~? 130.68.1.0/24
Mar 10 12:17:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
match_hostaddr: 128.180.2.160 ~? 130.68.2.0/24
Mar 10 12:17:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
match_list_match: 128.180.2.160: no match
Mar 10 12:17:31 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] send
attr ident = smtp:128.180.2.160
Mar 10 12:17:31 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] timeout
after CONNECT from unknown[128.180.2.160]
Mar 10 12:17:31 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info]
disconnect from unknown[128.180.2.160]

Adam N. Copeland wrote, On 3/10/11 10:32 AM:
> Yes, that timeout setting is still definitely the default.
>
> Snoop is basically Solaris' native version of tcpdump, and shouldn't
> be putting the packets out of order when capturing. Maybe the client
> is making more than one connection attempt?  The part that made me
> suspect my server is that the same message, from the very same client,
> is processed just fine when CC'd to a different account (gmail, et
> al). Two test messages from the client side have yet to make it over
> server-side. Then, a third test message from the client side was
> deferred for six hours before it was finally delivered.
>
> On 03/10/2011 01:56 AM, Victor Duchovni wrote:
>> On Thu, Mar 10, 2011 at 01:14:48AM +0100, Jeroen Geilman wrote:
>>
>>   
>>>> Mar  9 18:38:03 pmx4 postfix/smtpd[13358]: [ID 197553 mail.info]
>>>> connect
>>>> from unknown[134.53.6.74]
>>>>
>>>>        
>>> okay
>>>
>>>     
>>>> Mar  9 18:41:03 pmx4 postfix/smtpd[13243]: [ID 197553 mail.info]>
>>>> unknown[134.53.6.74]: 421 4.4.2 smtp-in.montclair.edu Error: timeout
>>>> exceeded
>>>>        
>>> That's 3 minutes (180 seconds); any particular reason you changed it
>>> from
>>> the default of 300 seconds ?
>>>      
>> No, these are different smtpd(8) processes, and unrelated connections.
>>
>>    
>
> Ouch, indeed.
>
> So this client is making connections in rapid succession - and failing ?
>
> -- 
> J.
>
>

-- 
Adam N. Copeland
Office of Information Technology
Systems and Security Group
www.montclair.edu/~copelanda
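
Added example, not part of the original messages: a small Python parser that pairs each "421 4.4.2 ... timeout exceeded" reply with the "connect" line logged by the same smtpd process ID, so that the idle time is only computed for a single connection. The sample input is constructed from the log lines quoted in this thread (unwrapped to one event per line); the year 2011 is an assumption taken from the message dates, since syslog timestamps carry no year.

```python
import re
from datetime import datetime

# Constructed sample: log lines quoted in the thread, unwrapped to one event per line.
SAMPLE_LOG = """\
Mar  9 18:38:03 pmx4 postfix/smtpd[13358]: [ID 197553 mail.info] connect from unknown[134.53.6.74]
Mar  9 18:41:03 pmx4 postfix/smtpd[13243]: [ID 197553 mail.info]> unknown[134.53.6.74]: 421 4.4.2 smtp-in.montclair.edu Error: timeout exceeded
Mar 10 12:12:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] connect from unknown[128.180.2.160]
Mar 10 12:17:30 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] > unknown[128.180.2.160]: 421 4.4.2 smtp-in.montclair.edu Error: timeout exceeded
Mar 10 12:17:31 pmx4 postfix/smtpd[25758]: [ID 197553 mail.info] disconnect from unknown[128.180.2.160]
"""

# Timestamp, smtpd PID, then the message after the optional Solaris "[ID ...]" tag.
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: "
    r"(?:\[ID [^\]]*\]\s*)?(.*)$"
)
CONNECT = re.compile(r"^connect from \S*\[([^\]]+)\]")
TIMEOUT = re.compile(r"^>\s*\S*\[([^\]]+)\]: 421 4\.4\.2 .*timeout exceeded")


def idle_before_timeout(log_text, year=2011):
    """Return (pid, client_ip, seconds) for each 421 timeout reply.

    seconds is None when the same PID logged no earlier connect from that
    client, i.e. the two lines belong to unrelated connections.
    """
    connects = {}  # (pid, client_ip) -> time of the connect line
    results = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if (c := CONNECT.match(msg)):
            connects[(pid, c.group(1))] = when
        elif (t := TIMEOUT.match(msg)):
            start = connects.pop((pid, t.group(1)), None)
            secs = int((when - start).total_seconds()) if start else None
            results.append((pid, t.group(1), secs))
    return results


if __name__ == "__main__":
    for pid, ip, secs in idle_before_timeout(SAMPLE_LOG):
        print(pid, ip, "unmatched (different smtpd process)" if secs is None else f"{secs}s idle")
```

Pairing on the client address alone would subtract 18:38:03 from 18:41:03 and report 180 seconds, although those two lines come from smtpd[13358] and smtpd[13243].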
