* Poliman - Serwis <ser...@poliman.pl>: > Hi everyone. In mail.log file I have many lines like below: > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: SSL_accept error from > house.census.shodan.io[89.248.172.16]: -1 > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: warning: TLS library > problem: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version > number:s3_srvr.c:966:
Postfix refuses to use SSLv3. > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: lost connection after > CONNECT from house.census.shodan.io[89.248.172.16] > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14642]: disconnect from > house.census.shodan.io[89.248.172.16] > Mar 2 06:53:30 vps342401 postfix/smtps/smtpd[14637]: lost connection after > CONNECT from house.census.shodan.io[89.248.172.16] house.census.shodan.io tries to connect your Postfix server and then nothing happens. Unless every other host has this problem too, you will have to talk to the people who run house.census.shodan.io to find out why their client doesn't proceed with a SMTP session. Chances are their hosts problem is, it is unable to use any other/newer TLS protocol version. > and > > Mar 2 07:15:01 vps342401 dovecot: pop3-login: Disconnected (no auth attempts > in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, > session=<BctoWblJjAB/AAAB> > Mar 2 07:20:01 vps342401 dovecot: imap-login: Disconnected (disconnected > before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, > secured, session=<+TxOa7lJ/AB/AAAB> > Mar 2 07:20:01 vps342401 dovecot: pop3-login: Disconnected (no auth attempts > in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, > session=<z1FOa7lJmAB/AAAB> > Mar 2 07:25:01 vps342401 dovecot: imap-login: Disconnected (disconnected > before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, > secured, session=<znkzfblJCAB/AAAB> Something - a program ? - on your server connects to your dovecot service and disconnects. Find out what it is. > From two days log file has 18MB. What is wrong? The log size is not necessarily an indicator that something is wrong on your machine. On busy machines 18 MB growth is a matter of minutes. How recurring are the errors in the LOG? Is it always the same error? Is it always the same host having problems with your server? p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein
