What is between Postfix and the internet:
- A load balancer?
- A firewall that inspects TCP sessions?
Question 1: were there other SMTP sessions during this time frame,
and did they have timeouts or 'unknown' commands?
The next one timed out after 306 seconds, where 300s is expected.
2022-08-05T17:27:37.326857+00:00 MAILRELAY postfix/smtpd[69606]: connect
from unknown[SAME_CLIENT_IP]
2022-08-05T17:32:43.057669+00:00 MAILRELAY postfix/smtpd[69606]: timeout
after CONNECT from unknown[SAME_CLIENT_IP]
2022-08-05T17:32:43.058413+00:00 MAILRELAY postfix/smtpd[69606]: disconnect
from unknown[SAME_CLIENT_IP] commands=0/0
Question 2: Is this a VM? The sloppy time keeping makes me suspicious.
The next one timed out after 301 seconds which is closer to
expectation, but it has garbled traffic.
2022-08-05T17:28:05.229942+00:00 MAILRELAY postfix/smtpd[69634]: connect
from unknown[SAME_CLIENT_IP]
2022-08-05T17:33:16.299108+00:00 MAILRELAY postfix/smtpd[69634]: timeout
after UNKNOWN from unknown[SAME_CLIENT_IP]
2022-08-05T17:33:16.299730+00:00 MAILRELAY postfix/smtpd[69634]: disconnect
from unknown[SAME_CLIENT_IP] unknown=0/2 commands=0/2
This comes back to my question 1 about other network sessions in
this time frame.
The next one timed out after 303 seconds.
2022-08-05T17:31:50.711513+00:00 MAILRELAY postfix/smtpd[69638]: connect
from unknown[SAME_CLIENT_IP]
2022-08-05T17:36:53.703951+00:00 MAILRELAY postfix/smtpd[69638]: timeout
after CONNECT from unknown[SAME_CLIENT_IP]
2022-08-05T17:36:53.704553+00:00 MAILRELAY postfix/smtpd[69638]: disconnect
from unknown[SAME_CLIENT_IP] commands=0/0
This is the same problem as the first one.
Wietse
