I am getting flooded by 'lost connection after UNKNOWN'. I have searched hard for this and only came across one or two related issues, but I don't think they are close enough to my issue.

Your help is appreciated.

e.g. from maillog:

    Apr 8 10:28:52 woking postfix/smtpd[15249]: lost connection after UNKNOWN from host42-166-static.40-85-b.business.telecomitalia.it[85.40.166.42]
    Apr 8 10:28:52 woking postfix/smtpd[15249]: disconnect from host42-166-static.40-85-b.business.telecomitalia.it[85.40.166.42]
    Apr 8 10:28:52 woking postfix/smtpd[14646]: lost connection after UNKNOWN from p76206-ipngnfx01marunouchi.tokyo.ocn.ne.jp[153.142.246.206]
    Apr 8 10:28:52 woking postfix/smtpd[14646]: disconnect from p76206-ipngnfx01marunouchi.tokyo.ocn.ne.jp[153.142.246.206]

I'm getting about 36,000 per day; about 20,000 are lost connection after UNKNOWN from unknown, e.g.

    Apr 8 10:32:16 woking postfix/smtpd[20269]: lost connection after UNKNOWN from unknown[117.216.226.49]

I thought I'd filter the lost connection after UNKNOWN from unknown via fail2ban, but that is only partial (as it doesn't cover the knowns) and also just fishing in the dark.

There are hundreds of different IP addresses, but I get up to 300 per day from each. Is this a configuration issue or a DOS or what? What should I do about it?

My mail server serves about 100 users across 60 domains and handles about 1,000 messages a day, so this traffic is most weird. I also suspect it is creating some performance issues, as users are complaining of occasional server timeouts. On my secondary/test server (handles about 80 messages a day) I get zero of these.

Logwatch summary
------------------

    --------------------- postfix Begin ------------------------

    STATISTICS
    ----------

    117662254 bytes transferred
    1522 messages accepted for queue
    1 messages expired and returned to sender
    1472 messages removed from queue

    DETAILS
    _______

    Unknown users: 204, 210 Time(s)
    SASL Authentication failed from: 57 Host(s), 242 Time(s)
    SASL Authenticated messages from: 31 Host(s), 209 Time(s)
    Relaying denied: 108 Time(s)
    Local Bounces: 4, 6 Time(s)
    Foreign Bounce: 49, 49 Time(s)
    Messages rejected to: 336 Recipient(s), 1457 Time(s)
    Too many errors in SMTP commands dialog: 1 Command(s), 32 Time(s)
    Improper SMTP command pipelining attempts: 1 Host(s), 1 Time(s)

    Connections lost:
        Connection lost while AUTH : 29 Time(s)
        Connection lost while CONNECT : 2075 Time(s)
        Connection lost while DATA : 149 Time(s)
        Connection lost while END-OF-MESSAGE : 9 Time(s)
        Connection lost while RCPT : 68 Time(s)
        Connection lost while RSET : 2 Time(s)
        Connection lost while STARTTLS : 9 Time(s)
        Connection lost while UNKNOWN : 33805 Time(s)
        Connection lost while receiving the initial server greeting : 1 Time(s)

--
View this message in context: http://postfix.1071664.n5.nabble.com/lost-connect-after-UNKNOWN-tp66764.html
Sent from the Postfix Users mailing list archive at Nabble.com.
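
Added example, not part of the original post: a Python tally of `lost connection after <stage>` events per client IP, splitting out clients logged as `unknown`, to show whether the drops come from a few heavy sources or are spread thinly over many hosts. The function names and the threshold are assumptions; the first three sample lines are from the post and the rest are constructed.

```python
import re
from collections import Counter, defaultdict

# Postfix smtpd line: "... lost connection after <STAGE> from <host>[<ip>]"
LOST_RE = re.compile(
    r"postfix/smtpd\[\d+\]: lost connection after (?P<stage>\S+) "
    r"from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

# First three lines are from the post; the 192.0.2.x / 198.51.100.x
# lines are constructed for this example.
SAMPLE = """\
Apr 8 10:28:52 woking postfix/smtpd[15249]: lost connection after UNKNOWN from host42-166-static.40-85-b.business.telecomitalia.it[85.40.166.42]
Apr 8 10:28:52 woking postfix/smtpd[15249]: disconnect from host42-166-static.40-85-b.business.telecomitalia.it[85.40.166.42]
Apr 8 10:32:16 woking postfix/smtpd[20269]: lost connection after UNKNOWN from unknown[117.216.226.49]
Apr 8 10:32:17 woking postfix/smtpd[20270]: lost connection after UNKNOWN from unknown[192.0.2.10]
Apr 8 10:32:18 woking postfix/smtpd[20270]: lost connection after UNKNOWN from unknown[192.0.2.10]
Apr 8 10:32:19 woking postfix/smtpd[20271]: lost connection after UNKNOWN from unknown[192.0.2.10]
Apr 8 10:32:20 woking postfix/smtpd[20271]: lost connection after CONNECT from unknown[192.0.2.10]
Apr 8 10:32:21 woking postfix/smtpd[20272]: lost connection after DATA from mail.example.net[198.51.100.7]
""".splitlines()


def tally_lost(lines):
    """Return (per-stage Counter of client IPs, per-stage count with no rDNS)."""
    by_stage = defaultdict(Counter)
    no_rdns = Counter()
    for line in lines:
        m = LOST_RE.search(line)
        if m is None:
            continue  # "disconnect from" and unrelated lines are skipped
        by_stage[m["stage"]][m["ip"]] += 1
        if m["host"] == "unknown":  # logged when the client name lookup fails
            no_rdns[m["stage"]] += 1
    return by_stage, no_rdns


def heavy_sources(by_stage, stage="UNKNOWN", threshold=3):
    """Client IPs with at least `threshold` drops in `stage`, busiest first."""
    return [(ip, n) for ip, n in by_stage.get(stage, Counter()).most_common()
            if n >= threshold]


if __name__ == "__main__":
    by_stage, no_rdns = tally_lost(SAMPLE)
    for stage, ips in sorted(by_stage.items()):
        print(f"{stage}: {sum(ips.values())} drops from {len(ips)} IPs, "
              f"{no_rdns[stage]} without reverse DNS")
    print("heavy UNKNOWN sources:", heavy_sources(by_stage))
```

To run it on a real log, pass the open file object to `tally_lost` in place of `SAMPLE`.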