I have checked email server of mine and can confirm I am seeing that too (logs
are since Aug 13 03:50:38 EEST):
admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com
/var/log/mail.log | grep 'ehlo=1 starttls=1 quit=1 commands=3' | tail
Aug 16 13:47:34 flopster postfix/smtpd[23237]: disconnect from
mail-mw2nam12on20617.outbound.protection.outlook.com[2a01:111:f400:fe5a::617]
ehlo=1 starttls=1 quit=1 commands=3
Aug 16 13:47:35 flopster postfix/smtpd[17815]: disconnect from
mail-mw2nam12on2066.outbound.protection.outlook.com[40.107.244.66] ehlo=1
starttls=1 quit=1 commands=3
Aug 16 13:48:30 flopster postfix/smtpd[23237]: disconnect from
mail-db3eur04hn2210.outbound.protection.outlook.com[52.100.17.210] ehlo=1
starttls=1 quit=1 commands=3
Aug 16 13:48:31 flopster postfix/smtpd[21126]: disconnect from
mail-db3eur04hn031a.outbound.protection.outlook.com[2a01:111:f400:fe0c::31a]
ehlo=1 starttls=1 quit=1 commands=3
Aug 16 13:49:55 flopster postfix/smtpd[21126]: disconnect from
mail-dm6nam12hn2213.outbound.protection.outlook.com[52.100.166.213] ehlo=1
starttls=1 quit=1 commands=3
Aug 16 13:49:57 flopster postfix/smtpd[23237]: disconnect from
mail-dm6nam12hn2031b.outbound.protection.outlook.com[2a01:111:f400:fe59::31b]
ehlo=1 starttls=1 quit=1 commands=3
Aug 16 13:50:33 flopster postfix/smtpd[23237]: disconnect from
mail-mw2nam10hn2238.outbound.protection.outlook.com[52.100.157.238] ehlo=1
starttls=1 quit=1 commands=3
Aug 16 13:50:35 flopster postfix/smtpd[21126]: disconnect from
mail-mw2nam10hn20321.outbound.protection.outlook.com[2a01:111:f400:7e89::321]
ehlo=1 starttls=1 quit=1 commands=3
Aug 16 13:52:03 flopster postfix/smtpd[23237]: disconnect from
mail-bn8nam11hn2200.outbound.protection.outlook.com[52.100.171.200] ehlo=1
starttls=1 quit=1 commands=3
Aug 16 13:52:03 flopster postfix/smtpd[21126]: disconnect from
mail-bn8nam11hn20300.outbound.protection.outlook.com[2a01:111:f400:7eae::300]
ehlo=1 starttls=1 quit=1 commands=3
admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com
/var/log/mail.log | grep 'ehlo=1 starttls=1 quit=1 commands=3' | wc -l
10443
On 8/16/23 10:46, Emmanuel Fusté via Postfix-users wrote:
Le 15/08/2023 à 23:12, Viktor Dukhovni via Postfix-users a écrit :
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote:
2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT from
[52.101.56.17]:32607 to [209.123.234.54]:25
2023-08-14T13:11:59.860098-04:00 svr01 postfix/postscreen[27910]: PASS NEW
[52.101.56.17]:32607
2023-08-14T13:12:00.058029-04:00 svr01
postfix/postscreen-internal/smtpd[27907]: connect from
mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17]
2023-08-14T13:12:00.118201-04:00 svr01
postfix/postscreen-internal/smtpd[27907]: Anonymous TLS connection established
from mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17]:
TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
2023-08-14T13:12:00.131049-04:00 svr01
postfix/postscreen-internal/smtpd[27907]: disconnect from
mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17] ehlo=1
starttls=1 quit=1 commands=3
Perhaps they don't like your certificate and disconnect once the
handshake completes.
I second that.
But as outbound policy could be personalized by client/tenant hosted on O365
you're lost until someone start winning at you by another channel or retract
the offending specific configuration, all conditioned by logs inspections
and/or end user complains on their side.
Already run into here.
Emmanuel.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
