Re: Connection stats (was: Re: Why "lost connection after RCPT" when we reject?)

2014-07-14 Thread Wietse Venema
> A "normal" ESMTP session with vrfy: > > ehlo=1/1 vrfy=1/1 quit=1/1 > > An "abnormal" session that drops after 10 rejected AUTH commands: > > ehlo=1/1 auth=0/10 > > The logging shows only counters for commands that were actually > issued. To save space we could replace "n/n" (two ident

Re: Connection stats (was: Re: Why "lost connection after RCPT" when we reject?)

2014-07-14 Thread Andreas Schulze
Wietse Venema: > Since the stats would be logged at the end of a session, they can > be logged in the "disconnect" record. Hello Wietse, the proposal sounds good. Such information could be helpful. Do you think it should be logged always or only while debugging? I use to "postconf -e "debug_peer

Re: Connection stats (was: Re: Why "lost connection after RCPT" when we reject?)

2014-07-14 Thread Wietse Venema
In response to Noel's followup, here is a proposal that can make Postfix troubleshooting / anomaly detection easier. This would reveal information that is currently available only by turning on verbose logging. Proposal: The Postfix SMTP server maintains two counters for each known command: one

Connection stats (was: Re: Why "lost connection after RCPT" when we reject?)

2014-07-12 Thread Noel Jones
/total is easier to explain than valid/rejected, and makes a >> pretty fraction display. >> >> proposed log: >> postfix/smtpd[nnn]: lost connection after RCPT from >> test.example.com[192.0.2.100], nrcpt=N/T > > [I am making an exception to respond on-list

Re: Why "lost connection after RCPT" when we reject?

2014-07-12 Thread Wietse Venema
s a > pretty fraction display. > > proposed log: > postfix/smtpd[nnn]: lost connection after RCPT from > test.example.com[192.0.2.100], nrcpt=N/T [I am making an exception to respond on-list to known people.] Interesting idea, but why not log these numbers with the "disconnect"

Re: Why "lost connection after RCPT" when we reject?

2014-07-12 Thread Bill Cole
On 12 Jul 2014, at 9:19, D'Arcy J.M. Cain wrote: I want to ask the question "Who connected, confirmed a valid address and disconnected without sending mail?" Is that an unreasonable question without needing to do stateful log analysis? It's not that I am a stranger to that sort of log analysis

Re: Why "lost connection after RCPT" when we reject?

2014-07-12 Thread Noel Jones
On 7/11/2014 5:06 PM, Wietse Venema wrote: >> >> I suppose the "recipient count" could be added to the "lost >> connection" message. That might be modestly useful to the general >> user base. Maybe something like: >> >> postfix/smtpd[n

Re: Why "lost connection after RCPT" when we reject?

2014-07-12 Thread D'Arcy J.M. Cain
On Fri, 11 Jul 2014 16:52:12 -0500 Noel Jones wrote: > But there's really only one scenario. The only time postfix logs > that message is when the connection is lost after RCPT. This is > always caused by either A) a poorly written mail engine that > improperly drops the connection, or B) a netw

Re: Why "lost connection after RCPT" when we reject?

2014-07-11 Thread Bill Cole
session because of an RBL. Three, someone is probing to find out if an address is valid. I you did not provide any log but "lost connection after RCPT" means the client did not quit the smtp session properly and so the client is broken Are you sure that you read my message? Tha

Re: Why "lost connection after RCPT" when we reject?

2014-07-11 Thread Wietse Venema
omeone sends email to an invalid address and we reject the balance > >>> of the session. Two, we reject the session because of an RBL. > >>> Three, someone is probing to find out if an address is valid. I > > > >> you did not provide any log but "lost c

Re: Why "lost connection after RCPT" when we reject?

2014-07-11 Thread Noel Jones
> of the session. Two, we reject the session because of an RBL. >>> Three, someone is probing to find out if an address is valid. I > >> you did not provide any log but "lost connection after RCPT" >> means the client did not quit the smtp session properly

Re: Why "lost connection after RCPT" when we reject?

2014-07-11 Thread li...@rhsoft.net
>>> of the session. Two, we reject the session because of an RBL. >>> Three, someone is probing to find out if an address is valid. I > >> you did not provide any log but "lost connection after RCPT" >> means the client did not quit the smtp session properly

Re: Why "lost connection after RCPT" when we reject?

2014-07-11 Thread D'Arcy J.M. Cain
> > Three, someone is probing to find out if an address is valid. I > you did not provide any log but "lost connection after RCPT" > means the client did not quit the smtp session properly and > so the client is broken Are you sure that you read my message? That'

Re: Why "lost connection after RCPT" when we reject?

2014-07-11 Thread li...@rhsoft.net
four where the sender has a system issue > and disconnects prematurely but this probably doesn't happen often > enough to worry about especially if I only take note once the sender > passes some reasonable threshold you did not provide any log but "lost connection after RCPT"

Why "lost connection after RCPT" when we reject?

2014-07-11 Thread D'Arcy J.M. Cain
There's a new trick in the spammer's bag of tricks. Companies like strikeiron and briteverify are springing up promising to verify email addresses so that senders can limit sending invalid emails to MTAs and thus wind up on their suspicious sender list. I can't think of a single legitimate use fo

Re: lost connection after RCPT from ....

2012-03-21 Thread Eliezer Croitoru
"lost connection after RCPT from ..ZZ are you sure it's from localservers? not clients? try to tcpdump to see if the connection termination comes from host or other source. tcpdump -X -i input_interface host Host_ip_address to get some network information Regards, Eliezer I kee

lost connection after RCPT from ....

2012-03-20 Thread Τσακιρίδης Σωτήρης
I run postfix server on ubuntu box for more than a year. I use amavis-new for spam filtering. After inspecting the log files I've noticed that, for a few mail servers that try to send mails locally, there is a connection lost with message: "lost connection after RCPT from ..

Re: lost connection after RCPT

2011-08-08 Thread list
On Mon, 08 Aug 2011 16:41:59 -0500, Noel Jones wrote: > On 8/8/2011 4:15 PM, l...@airstreamcomm.net wrote: >> We recently (within the last two weeks) started getting a very large >> number of logs like this: >> >> postfix/smtpd[29456]: lost connection after RCPT f

Re: lost connection after RCPT

2011-08-08 Thread Noel Jones
On 8/8/2011 4:15 PM, l...@airstreamcomm.net wrote: > We recently (within the last two weeks) started getting a very large > number of logs like this: > > postfix/smtpd[29456]: lost connection after RCPT from > cel-broadband1-ws-72.dsl.airstreamcomm.net[64.33.198.73] > > Afte

Re: lost connection after RCPT

2011-08-08 Thread Jeroen Geilman
On 2011-08-08 23:15, l...@airstreamcomm.net wrote: We recently (within the last two weeks) started getting a very large number of logs like this: postfix/smtpd[29456]: lost connection after RCPT from cel-broadband1-ws-72.dsl.airstreamcomm.net[64.33.198.73] After doing packet traces it appears

lost connection after RCPT

2011-08-08 Thread list
We recently (within the last two weeks) started getting a very large number of logs like this: postfix/smtpd[29456]: lost connection after RCPT from cel-broadband1-ws-72.dsl.airstreamcomm.net[64.33.198.73] After doing packet traces it appears that the client is sending RST packets to our server