I recently started seeing these log entries in the Postfix log and the firewall log. The sequence happens once a day, sometimes twice. Each time it appears to be a different client IP address.
In summary, I see an aborted connection attempt to Postfix, then a short while later I see Postfix trying some outbound connections (which are blocked and logged by the firewall). Is this behavior familiar to anyone? Any suggestions on where I should start looking next for the source of the outbound attempts? This is Postfix 2.7.1. Postfix 2.9.1 exhibits a similar behavior. IP 216.xxx.68.64 is the Postfix server, which runs FreeBSD 8.3. Sep 28 03:21:22 oneou postfix/smtpd[91250]: connect from unknown[39.xxx.56.235] Sep 28 03:26:22 oneou postfix/smtpd[91250]: timeout after CONNECT from unknown[39.xxx.56.235] Sep 28 03:26:22 oneou postfix/smtpd[91250]: disconnect from unknown[39.xxx.56.235] Sep 28 03:27:12 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 108 Sep 28 03:28:16 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 108 Sep 28 03:29:20 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 108 Sep 28 03:30:24 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 108 Sep 28 03:31:28 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 20 Sep 30 11:05:57 oneou postfix/smtpd[34106]: connect from 6.sfi.patel.net[83.xxx.56.16] Sep 30 11:05:58 oneou postfix/smtpd[34106]: lost connection after CONNECT from 6.sfi.patel.net[83.xxx.56.16] Sep 30 11:05:58 oneou postfix/smtpd[34106]: disconnect from 6.sfi.patel.net[83.xxx.56.16] Sep 30 11:08:07 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 83.xxx.56.16.17725: tcp 20 Sep 30 11:09:10 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 83.xxx.56.16.17725: tcp 20 Sep 30 11:10:14 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 83.xxx.56.16.17725: tcp 20 Sep 30 11:11:18 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 83.xxx.56.16.17725: tcp 20 Sep 30 11:12:22 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 83.xxx.56.16.17725: tcp 20 Sep 30 11:13:26 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 83.xxx.56.16.17725: tcp 20 Sep 30 11:14:30 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 83.xxx.56.16.17725: tcp 20 Sep 30 11:15:34 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 83.xxx.56.16.17725: tcp 20
