Postfix/smtp/smtpd

2018-04-01 Thread Den1
Hello everybody,

I was wondering if anybody could advise please, on what does this log entry
mean postfix/smtp/smtpd? I know postfix/smtp is to send mails out to the
world, postfix/smtpd stands for daemon that rules out deliveries for
incoming mail. What about postfix/smtp/smtpd? Is it something in between
incoming and outgoing messages? Does it perhaps mean that some clients try
to connect to my 465 port? If that is the case then do they try to send or
receive here? Would appreciate any pointers from experts. Many thanks in
advance!



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html


Re: domain email autoconfiguration

2018-04-01 Thread Ralph Seichter
On 01.04.2018 02:39, David Mehler wrote:

> If anyone has autoconfiguration going with their email domain please
> email me privately.

Please see http://geoserver.org/comm/userlist-guidelines.html section
"Start discussions on the mailing list, keep it on the mailing list".
That's not a GeoServer specific issue, but common sense.

I am guessing you would like to provide autoconfig for MUAs? If so,
https://wiki.mozilla.org/Thunderbird:Autoconfiguration would be a
possible starting point.

-Ralph


RE: SSL_accept error on just one of several similar servers

2018-04-01 Thread Michael Fox
> 
> > On Mar 26, 2018, at 1:07 AM, Michael Fox wrote:
> >
> > Any idea of what's wrong?  Or how to find out what's wrong?
> 
> Most likely a firewall is (mis)configured to block STARTTLS.
> 
> --
>   Viktor.

You were correct!  The IT guys started filtering by domain name in their
firewall, which interrupted STARTTLS negotiation.

Thanks,
Michael





Re: Postfix/smtp/smtpd

2018-04-01 Thread Wietse Venema
Den1:
> Hello everybody,
> 
> I was wondering if anybody could advise please, on what does this log entry
> mean postfix/smtp/smtpd? I know postfix/smtp is to send mails out to the

postfix = syslog_name setting in main.cf
smtp = name of the master.cf entry
smtpd = name of the executable file.

Examples that differ only in the name of the master.cf entry:
postfix/smtp/smtpd
postfix/smtps/smtpd
postfix/submission/smtpd

More examples that differ only in the name of the master.cf entry:
postfix/smtp/smtp
postfix/relay/smtp

Without some clue about the master.cf entry, troubleshooting
can be harder than it needs to be.

Wietse


Re: SASL login and Mail From field mismatch

2018-04-01 Thread mate200

On Sun, 2018-03-25 at 13:49 -0400, Viktor Dukhovni wrote:
> > On Mar 25, 2018, at 12:44 PM, mate...@mailbox.org wrote:
> > 
> > I'm trying to achieve a simple thing. When a user logs in via SASL and sends 
> > mail, I want postfix to check that SASL
> > login is identical to MAIL FROM field.
> 
> Postfix does not support this directly. You'd need a milter or content filter 
> for that.
> One that receives the SASL user name and rewrites the "From" header 
> accordingly.
> 
> > As I can see, I can do that with 'reject_sender_login_mismatch', but usage 
> > of this option implies usage of
> > 'smtpd_sender_login_maps'. 
> 
> Actually, no, because that checks the envelope sender, not the From: header.
> 
> > The problem is that I use MS AD as user list provider, so firstly, I 
> > thought about some tricky filter to achieve
> > this, but I can't think up something workable.
> 
> It should be possible to construct an LDAP query that queries for "mail" and 
> returns
> SAMAccountName.  However, that still does not check the fact that you'll be
> filtering the envelope sender.
> 
> For the From: header one would want not only the email address that matches 
> the login name, but also the
> displayName.  This is not something that Postfix can do directly.
> As mentioned above, that'd be a job for a content_filter or milter.
> 
> 

Viktor, thank you for your reply!

Your answer has helped me a lot. I should definitely read about mail 
structure. Will do when I have time for that.

Thanks once again.

-- 
Best regards,
Mate200



Re: SASL login and Mail From field mismatch

2018-04-01 Thread mate200
On Sun, 2018-03-25 at 19:18 +0200, Robert Schetterer wrote:
> Am 25.03.2018 um 18:44 schrieb mate...@mailbox.org:
> > Hello everyone !
> > 
> > I'm trying to achieve a simple thing. When a user logs in via SASL and
> > sends mail, I want postfix to check that SASL login is identical to MAIL
> > FROM field.
> > 
> > As I can see, I can do that with 'reject_sender_login_mismatch', but
> > usage of this option implies usage of 'smtpd_sender_login_maps'. 
> > The problem is that I use MS AD as user list provider, so firstly, I
> > thought about some tricky filter to achieve this, but I can't think up
> > something workable. Second option is to create some hash 'file' and fill
> > it with maps, but truly speaking I don't want to do this because it's a
> > manual work. Of course, I may do some script to download info from AD
> > and put it to the file. However, maybe another options exist too ?
> > 
> > I don't need user to be able to write as another user, so simple
> > variable comparison like '$sasl_user == $mail_from' would be a perfect
> > match.
> > 
> > 
> > Thanks in advance.
> > 
> > -- 
> > 
> > Best regards,
> > Mate200
> > 
> > 
> 
> do you want something like this?
> 
> https://github.com/croessner/vrfydmn
> 
> 
> Best Regards
> MfG Robert Schetterer
> 

Marvelous tool!!! It should do what I need.

Thank you Robert !

-- 
Best regards,
Mate200







Re: Postfix/smtp/smtpd

2018-04-01 Thread Den1
Wietse Venema wrote
> Den1:
>> Hello everybody,
>> 
>> I was wondering if anybody could advise please, on what does this log
>> entry
>> mean postfix/smtp/smtpd? I know postfix/smtp is to send mails out to the
> 
> postfix = syslog_name setting in main.cf
> smtp = name of the master.cf entry
> smtpd = name of the executable file.
> 
> Examples that differ only in the name of the master.cf entry:
> postfix/smtp/smtpd
> postfix/smtps/smtpd
> postfix/submission/smtpd
> 
> More examples that differ only in the name of the master.cf entry:
> postfix/smtp/smtp
> postfix/relay/smtp
> 
> Without some clue about the master.cf entry, troubleshooting
> can be harder than it needs to be.
> 
>   Wietse

Thank you so much for replying, Wietse. Appreciate.

Well, my master.cf looks like this. Hope it will help to throw some more
light upon what my postfix/smtp/smtpd log entry may mean. Clients trying to
login and send?

smtpd     pass  -   -   -   -   -   smtpd -o content_filter=spamassassin
smtp      inet  n   -   -   -   1   postscreen
dnsblog   unix  -   -   -   -   0   dnsblog
tlsproxy  unix  -   -   -   -   0   tlsproxy
submission inet n   -   -   -   -   smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n   -   -   -   -   smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup    fifo  n   -   -   60  1   pickup
  -o content_filter=
  -o receive_override_options=no_header_body_checks
cleanup   unix  n   -   -   -   0   cleanup
qmgr      fifo  n   -   n   300 1   qmgr
tlsmgr    unix  -   -   -   1000?   1   tlsmgr
rewrite   unix  -   -   -   -   -   trivial-rewrite
bounce    unix  -   -   -   -   0   bounce
defer     unix  -   -   -   -   0   bounce
trace     unix  -   -   -   -   0   bounce
verify    unix  -   -   -   -   1   verify
flush     unix  n   -   -   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
proxywrite unix -   -   n   -   1   proxymap
smtp      unix  -   -   -   -   -   smtp
relay     unix  -   -   -   -   -   smtp
showq     unix  n   -   -   -   -   showq
error     unix  -   -   -   -   -   error
retry     unix  -   -   -   -   -   error
discard   unix  -   -   -   -   -   discard
local     unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp      unix  -   -   -   -   -   lmtp
anvil     unix  -   -   -   -   1   anvil
scache    unix  -   -   -   -   1   scache
maildrop  unix  -   n   n   -   -   pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
dovecot   unix  -   n   n   -   -   pipe
  flags=DRhu user=mmail:mmail argv=/usr/lib/dovecot/deliver -d ${recipient}
dovecot-spamass  unix  -   n   n   -   -   pipe
  flags=DRhu user=mmail:mmail argv=/usr/bin/spamc -u ${recipient} -e /usr/lib/dovecot/deliver -d ${recipient}
ifmail    unix  -   n   n   -   -   pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -   n   n   -   -   pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -   n   n   -   -   pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
policy-spf  unix  -   n   n   -   -   spawn
   user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
   policyd-spf-perl_time_limit = 3600
spamassassin unix - n   n   -   -   pipe
   user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
procmail unix - n n - - pipe
   flags=DROhu user=mmail argv=/usr/bin/procmail -t -m USER=${user} EXTENSION=${extension} NEXTHOP=${nexthop} /etc/postfix/procmailrc.common







Re: Postfix/smtp/smtpd

2018-04-01 Thread Wietse Venema
Den1:
> Wietse Venema wrote
> > Den1:
> >> Hello everybody,
> >> 
> >> I was wondering if anybody could advise please, on what does this log
> >> entry
> >> mean postfix/smtp/smtpd? I know postfix/smtp is to send mails out to the
> > 
> > postfix = syslog_name setting in main.cf
> > smtp = name of the master.cf entry
> > smtpd = name of the executable file.
> > 
> > Examples that differ only in the name of the master.cf entry:
> > postfix/smtp/smtpd
> > postfix/smtps/smtpd
> > postfix/submission/smtpd
> > 
> > More examples that differ only in the name of the master.cf entry:
> > postfix/smtp/smtp
> > postfix/relay/smtp
> > 
> > Without some clue about the master.cf entry, troubleshooting
> > can be harder than it needs to be.
> > 
> > Wietse
> 
> Thank you so much for replying, Wietse. Appreciate.
> 
> Well, my master.cf looks like this. Hope it will help to throw some more
> light upon what my postfix/smtp/smtpd log entry may mean. Clients trying to
> login and send?

No logfile record, no support.

Wietse


Re: Postfix/smtp/smtpd

2018-04-01 Thread Den1
Wietse Venema wrote
> Den1:
>> Wietse Venema wrote
>> > Den1:
>> >> Hello everybody,
>> >> 
>> >> I was wondering if anybody could advise please, on what does this log
>> >> entry
>> >> mean postfix/smtp/smtpd? I know postfix/smtp is to send mails out to
>> the
>> > 
>> > postfix = syslog_name setting in main.cf
>> > smtp = name of the master.cf entry
>> > smtpd = name of the executable file.
>> > 
>> > Examples that differ only in the name of the master.cf entry:
>> > postfix/smtp/smtpd
>> > postfix/smtps/smtpd
>> > postfix/submission/smtpd
>> > 
>> > More examples that differ only in the name of the master.cf entry:
>> > postfix/smtp/smtp
>> > postfix/relay/smtp
>> > 
>> > Without some clue about the master.cf entry, troubleshooting
>> > can be harder than it needs to be.
>> > 
>> >Wietse
>> 
>> Thank you so much for replying, Wietse. Appreciate.
>> 
>> Well, my master.cf looks like this. Hope it will help to throw some more
>> light upon what my postfix/smtp/smtpd log entry may mean. Clients trying
>> to
>> login and send?
> 
> No logfile record, no support.
> 
>   Wietse

Here is an extract from the log. Thank you.

Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
from scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
from scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
from scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
scan-7.security.ipip.net[106.186.113.132]

here is another one:

Mar 28 22:12:25  postfix/smtps/smtpd[5713]: warning: hostname
vps147579.trouble-free.net does not resolve to address 174.138.189.116: Name
or service not known
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: connect from
unknown[174.138.189.116]
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: SSL_accept error from
unknown[174.138.189.116]: lost connection
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: lost connection after CONNECT
from unknown[174.138.189.116]
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: disconnect from
unknown[174.138.189.116]
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: warning: hostname
vps147579.trouble-free.net does not resolve to address 174.138.189.116: Name
or service not known
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: connect from
unknown[174.138.189.116]
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: SSL_accept error from
unknown[174.138.189.116]: lost connection
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: lost connection after CONNECT
from unknown[174.138.189.116]
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: disconnect from
unknown[174.138.189.116]
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: warning: hostname
vps147579.trouble-free.net does not resolve to address 174.138.189.116: Name
or service not known
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: connect from
unknown[174.138.189.116]
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: SSL_accept error from
unknown[174.138.189.116]: lost connection
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: lost connection after CONNECT
from unknown[174.138.189.116]
Mar 28 22:12:25  postfix/smtps/smtpd[5713]: disconnect from
unknown[174.138.189.116]
Mar 28 22:12:26  postfix/smtps/smtpd[5713]: warning: hostname
vps147579.trouble-free.net does not resolve to address 174.138.189.116: Name
or service not known





Re: Postfix/smtp/smtpd

2018-04-01 Thread Wietse Venema
Den1:
> Here is an extract from the log. Thank you.
> 
> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> scan-7.security.ipip.net[106.186.113.132]

Postfix does not support three concurrent connections to the same
SMTP server process, so that looks like a logging infrastructure
that logs the same event three times to the same file.

> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

More logfile duplication.

> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from
> scan-7.security.ipip.net[106.186.113.132]

More duplication.

Someone is scanning mail servers, for good or evil purposes.

> here is another one:
> 
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: warning: hostname
> vps147579.trouble-free.net does not resolve to address 174.138.189.116: Name
> or service not known
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: connect from
> unknown[174.138.189.116]
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: SSL_accept error from
> unknown[174.138.189.116]: lost connection
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: lost connection after CONNECT
> from unknown[174.138.189.116]
> Mar 28 22:12:25  postfix/smtps/smtpd[5713]: disconnect from
> unknown[174.138.189.116]

Welcome to the Internet. If you have not looked at Postfix logs
before, then you may be surprised at the amount of noise.

Wietse


Re: Postfix/smtp/smtpd

2018-04-01 Thread Viktor Dukhovni


> On Apr 1, 2018, at 3:05 PM, Wietse Venema wrote:
> 
>> 
>> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
>> scan-7.security.ipip.net[106.186.113.132]
>> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
>> scan-7.security.ipip.net[106.186.113.132]
>> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
>> scan-7.security.ipip.net[106.186.113.132]
> 
> Postfix does not support three concurrent connections to the same
> SMTP server process, so that looks like a logging infrastructure
> that logs the same event three times to the same file.

Or just the disconnect events not logged, or log data re-ordered.

-- 
Viktor.



Re: Postfix/smtp/smtpd

2018-04-01 Thread Wietse Venema
Viktor Dukhovni:
> 
> 
> > On Apr 1, 2018, at 3:05 PM, Wietse Venema wrote:
> > 
> >> 
> >> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> >> scan-7.security.ipip.net[106.186.113.132]
> >> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> >> scan-7.security.ipip.net[106.186.113.132]
> >> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from
> >> scan-7.security.ipip.net[106.186.113.132]
> > 
> > Postfix does not support three concurrent connections to the same
> > SMTP server process, so that looks like a logging infrastructure
> > that logs the same event three times to the same file.
> 
> Or just the disconnect events not logged, or log data re-ordered.

The time stamps were distinct for connect, TLS handshake, and
disconnect. But it is possible that the poster omitted other handshake
and disconnect records between the ones that were posted.

Wietse

Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
scan-7.security.ipip.net[106.186.113.132]

Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with cipher 
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with cipher 
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with cipher 
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT from 
scan-7.security.ipip.net[106.186.113.132]
Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
scan-7.security.ipip.net[106.186.113.132]



Re: Postfix/smtp/smtpd

2018-04-01 Thread Den1
Thank you all for replying. I really do appreciate your input. 

When the first extract from the log is pretty obvious as it says scan, the
second one is not really clear to me. Did the client try to connect in order
to send mail? Does postfix/smtp/smtpd mean sending out? I just assume it but
I am not sure. For example when mail arrives I see postfix/smtpd when it
goes out I see postfix/submission/smtpd and this is understandable, but
seeing postfifix/smtp/smtpd makes me confused a little...





Re: Postfix/smtp/smtpd

2018-04-01 Thread Bill Cole

On 1 Apr 2018, at 15:54 (-0400), Den1 wrote:

> Thank you all for replying. I really do appreciate your input.
>
> When the first extract from the log is pretty obvious as it says scan, the
> second one is not really clear to me. Did the client try to connect in order
> to send mail? Does postfix/smtp/smtpd mean sending out? I just assume it but
> I am not sure. For example when mail arrives I see postfix/smtpd when it
> goes out I see postfix/submission/smtpd and this is understandable, but
> seeing postfifix/smtp/smtpd makes me confused a little...

Look closer.

Neither postfix/smtp/smtpd nor postfifix/smtp/smtpd appear in the log 
lines you posted.


What IS there is 'postfix/smtps/smtpd', which indicates connections to 
your port 465 "wrappermode" instance of smtpd.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
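
Added example (not part of the thread and not Postfix project code): a Python sketch that splits the log tag the way Wietse describes above (syslog_name / master.cf entry / executable), looks the entry up in master.cf, and counts "lost connection after CONNECT" per service and client. The master.cf excerpt, the log lines, the host name mx1 and the 192.0.2.x addresses are constructed, and collapsing only adjacent identical lines is an assumed heuristic for the duplicate logging discussed in this thread.

```python
import itertools
import re
from collections import Counter

# Constructed master.cf excerpt; entry names follow those quoted in the thread.
MASTER_CF = """\
smtp       inet  n  -  -  -  1  postscreen
smtpd      pass  -  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
smtps      inet  n  -  -  -  -  smtpd
  -o smtpd_tls_wrappermode=yes
smtp       unix  -  -  -  -  -  smtp
relay      unix  -  -  -  -  -  smtp
"""

# Constructed log lines: pid 4797 logs each event more than once (adjacent
# duplicates); pid 5713 serves two short sessions within the same second.
LOG = """\
Mar 30 05:25:27 mx1 postfix/smtps/smtpd[4797]: connect from unknown[192.0.2.10]
Mar 30 05:25:27 mx1 postfix/smtps/smtpd[4797]: connect from unknown[192.0.2.10]
Mar 30 05:25:27 mx1 postfix/smtps/smtpd[4797]: connect from unknown[192.0.2.10]
Mar 30 05:25:32 mx1 postfix/smtps/smtpd[4797]: lost connection after CONNECT from unknown[192.0.2.10]
Mar 30 05:25:32 mx1 postfix/smtps/smtpd[4797]: lost connection after CONNECT from unknown[192.0.2.10]
Mar 30 05:25:32 mx1 postfix/smtps/smtpd[4797]: disconnect from unknown[192.0.2.10]
Mar 30 05:40:01 mx1 postfix/smtps/smtpd[5713]: connect from unknown[192.0.2.77]
Mar 30 05:40:01 mx1 postfix/smtps/smtpd[5713]: lost connection after CONNECT from unknown[192.0.2.77]
Mar 30 05:40:01 mx1 postfix/smtps/smtpd[5713]: disconnect from unknown[192.0.2.77]
Mar 30 05:40:01 mx1 postfix/smtps/smtpd[5713]: connect from unknown[192.0.2.77]
Mar 30 05:40:01 mx1 postfix/smtps/smtpd[5713]: lost connection after CONNECT from unknown[192.0.2.77]
Mar 30 05:40:01 mx1 postfix/smtps/smtpd[5713]: disconnect from unknown[192.0.2.77]
Mar 30 05:41:00 mx1 postfix/relay/smtp[5001]: 4A1B2C: to=<user@example.org>, status=sent
Mar 30 05:41:05 mx1 postfix/smtpd[5002]: connect from unknown[192.0.2.11]
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w./-]+)\[(\d+)\]: (.*)$")

def parse_master_cf(text):
    """Return {(name, type): [command, args...]}, joining continuation lines."""
    entries, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:       # leading whitespace continues an entry
            entries[key].extend(raw.split())
            continue
        fields = raw.split()
        key = (fields[0], fields[1])
        entries[key] = fields[7:]          # 8th field onward: command + arguments
    return entries

def split_tag(tag):
    """'postfix/smtps/smtpd' -> ('postfix', 'smtps', 'smtpd'); a two-part tag
    carries no master.cf entry name, so the middle element is None."""
    parts = tag.split("/")
    if len(parts) >= 3:
        return "/".join(parts[:-2]), parts[-2], parts[-1]
    return parts[0], None, parts[-1]

def resolve(tag, entries):
    """Return the (name, type) of the master.cf entry behind a tag, or None."""
    _, service, program = split_tag(tag)
    for key, cmd in entries.items():
        if key[0] == service and cmd and cmd[0] == program:
            return key
    return None

def analyze(log_text, entries):
    """Collapse adjacent identical lines, then return (records, probes) where
    probes counts 'lost connection after CONNECT' per (service, client)."""
    lines = [line for line, _ in itertools.groupby(log_text.splitlines())]
    records, probes = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        tag, pid, msg = m.groups()
        _, service, program = split_tag(tag)
        records.append((tag, int(pid), resolve(tag, entries), msg))
        if program == "smtpd" and msg.startswith("lost connection after CONNECT"):
            probes[(service, msg.rsplit(" from ", 1)[-1])] += 1
    return records, probes

if __name__ == "__main__":
    records, probes = analyze(LOG, parse_master_cf(MASTER_CF))
    for tag, pid, entry, msg in records:
        print(f"{tag:22} pid={pid:<5} entry={entry} {msg}")
    for (service, client), n in probes.items():
        print(f"probe: service={service} client={client} sessions={n}")
```

Against this excerpt, resolve("postfix/smtp/smtpd", ...) returns None because no entry named smtp runs smtpd, while postfix/smtps/smtpd resolves to the smtps inet entry with smtpd_tls_wrappermode=yes.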


Re: Postfix/smtp/smtpd

2018-04-01 Thread Den1
Bill Cole-3 wrote
> Look closer.
> 
> Neither postfix/smtp/smtpd nor postfifix/smtp/smtpd appear in the log 
> lines you posted.
> 
> What IS there is 'postfix/smtps/smtpd', which indicates connections to 
> your port 465 "wrappermode" instance of smtpd.
> 
> -- 
> Bill Cole

> bill@ or billcole@
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Currently Seeking Steady Work: https://linkedin.com/in/billcole

That's right, Bill. That's a nice observation. Thanks. 

Plus, this is also exactly what I was asking about in my very first /
initial post. That is if postfix/smtps/smtpd meant connections to my 465
port. /Quote,/ "Does it perhaps mean that some clients try to connect to my
465 port?" /Unquote./ Now it's utmost clear! Thank you so much everybody for
your help!






Re: Postfix/smtp/smtpd

2018-04-01 Thread Viktor Dukhovni


> On Apr 1, 2018, at 3:17 PM, Wietse Venema wrote:
> 
> The time stamps were distinct for connect, TLS handshake, and
> disconnect. But it is possible that the poster omitted other handshake
> and disconnect records between the ones that were posted.

You're right, that sure looks like logging in triplicate.

> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:27  postfix/smtps/smtpd[4797]: connect from 
> scan-7.security.ipip.net[106.186.113.132]
> 
> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with 
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with 
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Mar 30 05:25:29  postfix/smtps/smtpd[4797]: Anonymous TLS connection 
> established from scan-7.security.ipip.net[106.186.113.132]: TLSv1.2 with 
> cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> 
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT 
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT 
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
> scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: lost connection after CONNECT 
> from scan-7.security.ipip.net[106.186.113.132]
> Mar 30 05:25:32  postfix/smtps/smtpd[4797]: disconnect from 
> scan-7.security.ipip.net[106.186.113.132]

-- 
Viktor.



Re: Postfix/smtp/smtpd

2018-04-01 Thread Wietse Venema
Den1:
> Plus, this is also exactly what I was asking about in my very first /
> initial post. That is if postfix/smtps/smtpd meant connections to my 465

No, you asked about "postfix/smtp/smtpd" not "postfix/smtps/smtpd".

I was wondering if anybody could advise please, on what does
this log entry mean postfix/smtp/smtpd? I know postfix/smtp is
to send mails out to the...

Are you a troll?

Wietse



Re: Postfix/smtp/smtpd

2018-04-01 Thread Den1
Wietse Venema wrote
> Den1:
>> Plus, this is also exactly what I was asking about in my very first /
>> initial post. That is if postfix/smtps/smtpd meant connections to my 465
> 
> No, you asked about "postfix/smtp/smtpd" not "postfix/smtps/smtpd".
> 
> I was wondering if anybody could advise please, on what does
> this log entry mean postfix/smtp/smtpd? I know postfix/smtp is
> to send mails out to the...
> 
> Are you a troll?
> 
>   Wietse

No, I am not. I said that is /*also*/ what I was asking about. That is I
asked about both. My apologies I did not make myself clear enough.


