On 2018-08-30 at 12:27 +0200, Mark Elkins via Exim-dev wrote: > What this is telling me is someone at 157.0.116.189 is making > connections to my mail server - presumable to see if they can detect the > accounts of users on my machine?
This really belongs on exim-users, not exim-dev (bcc'd) because it's not about the development of Exim itself. What else do the logs show? It could just be network reliability issues or dumb clients which don't send QUIT and instead just drop connections. The following not-enabled-by-default `log_selector` options might be of interest: smtp_connection incoming SMTP connections smtp_incomplete_transaction incomplete SMTP transactions smtp_no_mail session with no MAIL commands smtp_protocol_error SMTP protocol errors smtp_syntax_error SMTP syntax errors Eg, `smtp_no_mail` will add a log-line for connections which are ended without an SMTP mail transaction. Thus my monitoring probes for DANE log (censored): 2018-09-03 00:09:00 [19598] no MAIL in SMTP connection from XYZ (smtpdane.invalid) [2001:db8::1]:35490 I=[2001:db8::2]:25 D=0s X=TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256 CV=no SNI="mx.spodhuis.org" C=EHLO,STARTTLS,EHLO,QUIT Without more detail, you can't assert what the cause or reason for non-QUIT connections might be. -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
