deoren:
> On 8/21/2018 6:25 PM, Wietse Venema wrote:
>
> > Have you looked in Postfix LOGs? For example, if there is a delay
> > from the start of the probe to the first Postfix logfile record,
> > then that would indicate a delay with looking up the client hostname,
> > and then the address for that hostname.
>
> Thank you for the response.
>
> I find entries like these:
>
> 2018-08-21T08:11:19.456927-05:00 relay1 postfix/smtpd[30722]: connect
> from unknown[192.168.2.199]
> 2018-08-21T08:11:34.332901-05:00 relay1 postfix/smtpd[30852]: connect
> from unknown[192.168.2.199]
> 2018-08-21T08:11:43.392959-05:00 relay1 postfix/smtpd[30853]: connect
> from unknown[192.168.2.199]
> 2018-08-21T08:11:52.424982-05:00 relay1 postfix/smtpd[30863]: connect
> from unknown[192.168.2.199]
> 2018-08-21T08:12:01.472960-05:00 relay1 postfix/smtpd[30865]: connect
> from unknown[192.168.2.199]
>
> 2018-08-21T08:12:07.465312-05:00 relay1 postfix/smtpd[30863]: lost
> connection after MAIL from unknown[192.168.2.199]
> 2018-08-21T08:12:07.466254-05:00 relay1 postfix/smtpd[30863]: disconnect
> from unknown[192.168.2.199] ehlo=1 mail=0/1 commands=1/2
> 2018-08-21T08:12:11.816850-05:00 relay1 postfix/smtpd[30722]: lost
> connection after MAIL from unknown[192.168.2.199]
> 2018-08-21T08:12:11.817737-05:00 relay1 postfix/smtpd[30722]: disconnect
> from unknown[192.168.2.199] ehlo=1 mail=0/1 commands=1/2
> 2018-08-21T08:12:12.884866-05:00 relay1 postfix/smtpd[30865]: connect
> from unknown[192.168.2.199]
'mail=0/1' means that Postfix rejected the MAIL FROM command (the
client sent 1 MAIL FROM command, and Postfix accepted 0 MAIL FROM
commands).
You may want to examine the logs a little closer than looking for
'connect'. What else did processes 30863 and 30722 log for that
SMTP session?
Wietse
