I'm not having any functional issues. This is more a question of postfix
logging context. For example i have a log entry for a connection attempt
as follows: (which is the correct flow)
postfix/postscreen[pid]: connect from unknown[xxx.xxx.xxx.xxx]:someport
to [xxx.xxx.xxx.xxx]:25
prequeuemilter[pid] INFO: REJECT: Connection attempt from blocked site
[domain/or ip] at address [xxx.xxx.xxx.xxx]
postfix/smtpd[pid]: NOQUEUE: milter-reject: CONNECT from
unknown[xxx.xxx.xxx.xxx]: 550 5.7.1 Command rejected; proto=SMTP
prequeuemilter[pid] INFO: command completed successfully for ip address
[xxx.xxx.xxx.xxx]
prequeuemilter[pid] INFO: Client connection closed [xxx.xxx.xxx.xxx]
from milter instance
postfix/smtpd[pid]: lost connection after CONNECT from
unknown[xxx.xxx.xxx.xxx]
postfix/smtpd[pid]: disconnect from unknown[xxx.xxx.xxx.xxx]
commands=0/0
and yet another:
postfix/postscreen[pid]: connect from unknown[xxx.xxx.xxx.xxx]:someport
to [xxx.xxx.xxx.xxx]:25
postfix/smtpd[pid]: connect from unknown[xxx.xxx.xxx.xxx]
prequeuemilter[pid] INFO: REJECT: Connection attempt from blocked site
[xxx.xxx.xxx.xxx] at address [xxx.xxx.xxx.xxx]
postfix/smtpd[pid]: NOQUEUE: milter-reject: CONNECT from
unknown[xxx.xxx.xxx.xxx]: 550 5.7.1 Command rejected; proto=SMTP
postfix/smtpd[pid]: NOQUEUE: milter-reject: EHLO from
unknown[xxx.xxx.xxx.xxx]: 550 5.7.1 Command rejected; proto=SMTP helo=
postfix/smtpd[pid]: NOQUEUE: milter-reject: UNKNOWN from
unknown[xxx.xxx.xxx.xxx]: 550 5.7.1 Command rejected; proto=ESMTP helo=
postfix/smtpd[pid]: NOQUEUE: milter-reject: UNKNOWN from
unknown[xxx.xxx.xxx.xxx]: 550 5.7.1 Command rejected; proto=ESMTP helo=
postfix/smtpd[[pid]: lost connection after UNKNOWN from
unknown[xxx.xxx.xxx.xxx]
postfix/smtpd[pid]: disconnect from unknown[xxx.xxx.xxx.xxx] ehlo=1
starttls=0/1 unknown=0/2 commands=1/4
prequeuemilter[pid] INFO: command completed successfully for ip address
[xxx.xxx.xxx.xxx]
prequeuemilter[pid] INFO: Client connection closed [xxx.xxx.xxx.xxx]
from milter instance
and yet another:
postfix/postscreen[pid]: CONNECT from [xxx.xxx.xxx.xxx]:someport to
[xxx.xxx.xxx.xxx]:25
postfix/smtpd[pid]: connect from unknown[xxx.xxx.xxx.xxx]
prequeuemilter[pid] INFO: REJECT: Connection attempt from blocked site
[xxx.xxx.xxx.xxx] at address [xxx.xxx.xxx.xxx]
postfix/smtpd[pid]: NOQUEUE: milter-reject: CONNECT from
unknown[xxx.xxx.xxx.xxx]: 550 5.7.1 Command rejected; proto=SMTP
postfix/smtpd[pid]: NOQUEUE: milter-reject: UNKNOWN from
unknown[xxx.xxx.xxx.xxx]: 550 5.7.1 Command rejected; proto=SMTP
prequeuemilter[pid] INFO: command completed successfully for ip address
[xxx.xxx.xxx.xxx]
prequeuemilter[pid] INFO: Client connection closed [xxx.xxx.xxx.xxx]
from milter instance
postfix/smtpd[pid]: lost connection after UNKNOWN from
unknown[xxx.xxx.xxx.xxx]
postfix/smtpd[pid]: disconnect from unknown[xxx.xxx.xxx.xxx] unknown=0/1
commands=0/1
However, most are like the first entry. This appears to be a forking
issue in that libmilter is not waiting for
a response to subsequently move on to the next macro call. These are
identical connection attempts meeting the exact
same criteria for rejection. The command that is called by the milter
is done after libmilter calls the close
macro after receiving a reject. It runs quickly and returns "continue"
to close the connection. I don't believe
that it would be appropriate to put a mutex around the block of code
that returns the reject. The only
delay that might occur is if simultaneous calls are made to the custom
command on close. In which case it
will ignore it for the same host or wait nano 0.01 to obtain the lock.
Additionally, there is a check to
ensure that different helo and ehlo names are not being issued on the
same connection as well as a check in
the helo macro (most of these types don't get that far) to determine if
a reject has already been issued
for this connection.
Thanks,
Steven___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
