smtpd

Wietse Venema Sun, 01 Apr 2018 12:18:07 -0700

Viktor Dukhovni:
> 
> 
> > On Apr 1, 2018, at 3:05 PM, Wietse Venema <wie...@porcupine.org> wrote:
> > 
> >> 
> >> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> >> scan-7.security.ipip.net[106.186.113.132]
> >> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> >> scan-7.security.ipip.net[106.186.113.132]
> >> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> >> scan-7.security.ipip.net[106.186.113.132]
> > 
> > Postfix does not support three concurrent connections to the same
> > SMTP server process, so that looks like a logging infrastrucure
> > that logs the same event three times to the same file.
> 
> Or just the disconnect events not logged, or log data re-ordered.


The time stamps were distinct for connect, TLS handshake, and
disconnect. But it is possible that the poster omitted other handshake
and diconnect records between the ones that were posted.

        Wietse

Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
scan-7.security.ipip.net[106.186.113.132]

Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with cipher 
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with cipher 
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with cipher 
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
scan-7.security.ipip.net[106.186.113.132]

Re: Postfix/smtp/smtpd

Reply via email to