Den 2015-03-01 16:40, Wietse Venema skrev:
Tommy Berglund:
Hey!
Is there anything I need to change into my configuration of postfix?
I have in my mail.log file (family server) seen this now.
Parts of my mail.log file
Feb 28 23:54:57 server postfix/postscreen[5976]: CONNECT from
[81.30.158.145]:32970 to [192.168.2.8]:25
Feb 28 23:54:57 server postfix/postscreen[5976]: HANGUP after 0 from
[81.30.158.145]:32970 in tests before SMTP handshake
Feb 28 23:54:57 server postfix/postscreen[5976]: DISCONNECT
[81.30.158.145]:32970
This SMTP client hands up as soon as postscreen greets it.
Feb 28 23:54:58 server postfix/postscreen[5976]: CONNECT from
[81.30.158.145]:33238 to [192.168.2.8]:25
Feb 28 23:55:01 server postfix/postscreen[5976]: HANGUP after 2.1 from
[81.30.158.145]:33238 in tests before SMTP handshake
Feb 28 23:55:01 server postfix/postscreen[5976]: DISCONNECT
[81.30.158.145]:33238
Same SMTP client, now it hangs up after 2 seconds.
Mar 1 00:05:56 server postfix/postscreen[5976]: CONNECT from
[81.30.158.145]:31387 to [192.168.2.8]:25
Mar 1 00:05:58 server postfix/postscreen[5976]: HANGUP after 2 from
[81.30.158.145]:31387 in tests before SMTP handshake
Mar 1 00:05:58 server postfix/postscreen[5976]: DISCONNECT
[81.30.158.145]:31387
Again.
Mar 1 00:05:59 server postfix/postscreen[5976]: CONNECT from
[81.30.158.145]:31813 to [192.168.2.8]:25
Mar 1 00:06:05 server postfix/postscreen[5976]: PASS NEW
[81.30.158.145]:31813
Mar 1 00:06:06 server postfix/smtpd[6961]: warning: hostname
real-univers.com does not resolve to address 81.30.158.145: Name or
service not known
Mar 1 00:06:06 server postfix/smtpd[6961]: connect from
unknown[81.30.158.145]
Mar 1 00:06:16 server postfix/smtpd[6961]: lost connection after
CONNECT from unknown[81.30.158.145]
Mar 1 00:06:16 server postfix/smtpd[6961]: disconnect from
unknown[81.30.158.145]
The client waits for the full 6-second postscreen greet wait, and
passes postscreen's tests. The IP address resolves to real-univers.com,
but the name real-univers.com does not exist (actually, the DNS
server replies for real-univers.com replies with SERVFAIL).
Mar 1 00:06:17 server postfix/postscreen[5976]: CONNECT from
[81.30.158.145]:32871 to [192.168.2.8]:25
Mar 1 00:06:17 server postfix/postscreen[5976]: PASS OLD
[81.30.158.145]:32871
Mar 1 00:06:18 server postfix/smtpd[6961]: warning: hostname
real-univers.com does not resolve to address 81.30.158.145: Name or
service not known
Mar 1 00:06:18 server postfix/smtpd[6961]: connect from
unknown[81.30.158.145]
Mar 1 00:06:18 server postfix/smtpd[6961]: lost connection after EHLO
from unknown[81.30.158.145]
Mar 1 00:06:18 server postfix/smtpd[6961]: disconnect from
unknown[81.30.158.145]
The SMTP client collects the EHLO response with your SMTP server's
feature set.
Mar 1 00:25:42 server postfix/smtpd[7063]: disconnect from
unknown[81.30.158.145]
Mar 1 00:25:42 server postfix/postscreen[5976]: CONNECT from
[81.30.158.145]:7654 to [192.168.2.8]:25
Mar 1 00:25:42 server postfix/postscreen[5976]: PASS OLD
[81.30.158.145]:7654
Mar 1 00:25:42 server postfix/smtpd[7063]: warning: hostname
real-univers.com does not resolve to address 81.30.158.145: Name or
service not known
Mar 1 00:25:42 server postfix/smtpd[7063]: connect from
unknown[81.30.158.145]
Mar 1 00:25:43 server postfix/smtpd[7063]: NOQUEUE: reject: RCPT from
unknown[81.30.158.145]: 554 5.7.1 <t...@gmail.com>: Relay access denied;
from=<t...@priv.bahnhof.se> to=<t...@gmail.com> proto=SMTP
helo=<vps158145.domain>
Mar 1 00:25:43 server postfix/smtpd[7063]: lost connection after RCPT
from unknown[81.30.158.145]
Mar 1 00:25:43 server postfix/smtpd[7063]: disconnect from
unknown[81.30.158.145]
And now it has done an open relay test. The test failed as it should.
This could be intelligence collection (for evil or good). The client
IP address does not appear to be blacklisted. It appears to be
near Frankfurt, Germany.
Wietse
Wietse thanks for the explanation of my maillog file.
If I understand it right, it's nothing that I need to worry about.
--
//Tommy
