On 17 April 2018 at 13:38, @lbutlr <krem...@kreme.com> wrote: > > I finally managed to isolate this. I have no been receiving mails from some > mail servers and there's very little being logged. I obviously set some > configuration that mucked things up. Here is the entire mail.log from the > first minute after midnight: > > Apr 17 00:00:09 mail postfix/postscreen[67061]: CONNECT from > [94.237.32.243]:46598 to [65.121.55.42]:25 > Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr > 94.237.32.243 listed by domain hostkarma.junkemailfilter.com as 127.0.0.1 > Apr 17 00:00:09 mail postfix/dnsblog[74920]: addr 94.237.32.243 listed by > domain hostkarma.junkemailfilter.com as 127.0.1.1 > Apr 17 00:00:09 mail postfix/dnsblog[74865]: addr 94.237.32.243 listed by > domain score.senderscore.com as 127.0.4.97 > Apr 17 00:00:09 mail postfix/dnsblog[74950]: addr 94.237.32.243 listed by > domain list.dnswl.org as 127.0.9.2 > Apr 17 00:00:10 mail postfix/postscreen[67061]: PASS OLD [94.237.32.243]:46598 > Apr 17 00:00:11 mail postfix/smtpd[84666]: connect from > wursti.dovecot.fi[94.237.32.243] > Apr 17 00:00:37 mail > dovecot: imap-login: Login: user=<kreme>, x.x.x.x, PLAIN, TLS > Apr 17 00:00:37 mail dovecot: imap-login: Login: user=<kremels>, x.x.x.x, > PLAIN, TLS > Apr 17 00:00:37 mail dovecot: imap(kreme): Logged out in=34 out=497 > Apr 17 00:00:37 mail dovecot: imap(kremels): Logged out in=34 out=497 > Apr 17 00:00:39 mail postfix/smtpd[84666]: disconnect from > wursti.dovecot.fi[94.237.32.243] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1 > quit=1 commands=2/6 > > As you can see, 94.237.32.243 connected and then after 30 seconds > disconnected. It says it sent an ehlo, but it is not logged.
What do the 'dovecot: imap-login' messages signify? Judging from the final smtpd log message, STARTTLS wasn't attempted, perhaps because your server doesn't offer it? If you don't allow unencrypted connections for incoming mail (smtpd_tls_security_level = encrypt instead of may), this could be your problem. See http://www.postfix.org/TLS_README.html: 'According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced Postfix SMTP server. This option is off by default and should only seldom be used.'
