On Thu, 2010-02-25 at 15:43 +0100, Zoltan Balogh wrote:
> Hi List,
>
> I have an old postfix install where I am getting "timeout after
> CONNECT from" error messages upon e-mails being sent from one
> particular host. The user is complaining that he is not able to send
> out any e-mail. Other users from the same system are sending mail
> happily without errors. User claims to use MS Outlook client. He was
> trying to send an e-mail with about 500 recipients in one mail (no
> comment) but he says before it was processed without problems. Now he
> claims to have only one outgoing email in his Outbox (others including
> one with 500 recipients were removed).
>
> I do not really understand why Outlook makes so many SMTP connections
> to send out a single mail. Of course I recommended to check for
> viruses or spambots on his computer - client computer seems to be
> clean. I am guessing this is a client problem, but maybe there is
> something I am missing in my postfix config. If you have any idea,
> please let me know.

Stop all Outlook instances on the client computer and check if the
computer is still making SMTP connections. If so then a virus or a
spambot is likely to be installed.

>
> Here is a snip from /var/log/mail/info:
> Feb 25 14:07:53 ns postfix/smtpd[1642]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:08:09 ns postfix/smtpd[1649]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:08:10 ns postfix/smtpd[1695]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:09:15 ns postfix/smtpd[1924]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:09:15 ns postfix/smtpd[1925]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:10:16 ns postfix/smtpd[3172]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:10:16 ns postfix/smtpd[1667]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:07 ns postfix/smtpd[32530]: timeout after CONNECT from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:07 ns postfix/smtpd[32530]: disconnect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:07 ns postfix/smtpd[17571]: timeout after CONNECT from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:07 ns postfix/smtpd[17571]: disconnect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:07 ns postfix/smtpd[16099]: timeout after CONNECT from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:07 ns postfix/smtpd[16099]: disconnect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:19 ns postfix/smtpd[32530]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:19 ns postfix/smtpd[16099]: connect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:21 ns postfix/smtpd[15515]: timeout after CONNECT from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:21 ns postfix/smtpd[15515]: disconnect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:21 ns postfix/smtpd[15816]: timeout after CONNECT from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
> Feb 25 14:11:21 ns postfix/smtpd[15816]: disconnect from adsl-d128.84-47-53.t-com.sk[84.47.53.128]
>
> .. such log messages are appearing constantly for the past 2 days.
>
> Of course regularly I get the following:
> Feb 25 14:13:40 ns postfix/anvil[21586]: statistics: max connection rate 9/60s for (smtp:84.47.53.128) at Feb 25 14:07:07
> Feb 25 14:13:40 ns postfix/anvil[21586]: statistics: max connection count 19 for (smtp:84.47.53.128) at Feb 25 14:10:16
>
> There are always 5 to 15 SMTP connects hanging from the same IP.
> # netstat -ap
> tcp   0   0 *:smtp             *:*                      LISTEN      1519/smtpd
> tcp   0  24 ns.myhost.sk:smtp  adsl-d128.84-47-5:23729  ESTABLISHED 16165/smtpd
> tcp   0  24 ns.myhost.sk:smtp  adsl-d128.84-47-5:23732  ESTABLISHED 1519/smtpd
> tcp   0  24 ns.myhost.sk:smtp  adsl-d128.84-47-5:23682  ESTABLISHED 1667/smtpd
> tcp   0  24 ns.myhost.sk:smtp  adsl-d128.84-47-5:23681  ESTABLISHED 3172/smtpd
> tcp   0  24 ns.myhost.sk:smtp  adsl-d128.84-47-5:23710  ESTABLISHED 32530/smtpd
> tcp   0  24 ns.myhost.sk:smtp  adsl-d128.84-47-5:23711  ESTABLISHED 16099/smtpd
> tcp   0  24 ns.myhost.sk:smtp  adsl-d128.84-47-5:23662  ESTABLISHED 1925/smtpd
> tcp   0  24 ns.myhost.sk:smtp  adsl-d128.84-47-5:23661  ESTABLISHED 1924/smtpd
>
> In the following my server host domain is forged to "myhost.sk":
>
> # postconf -n
> alias_database = hash:/usr/local/postfix/conf/aliases
> alias_maps = hash:/usr/local/postfix/conf/aliases
> body_checks = regexp:/usr/local/postfix/conf/body_checks
> command_directory = /usr/local/postfix-2.2.3/bin
> config_directory = /usr/local/postfix-2.2.3/conf
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/local/postfix-2.2.3/libexec
> debug_peer_level = 2
> delay_notice_recipient = i...@myhost.sk
> disable_vrfy_command = yes
> error_notice_recipient = i...@myhost.sk
> header_checks = regexp:/usr/local/postfix/conf/header_checks
> html_directory = /usr/local/postfix-2.2.3/html
> inet_interfaces = all
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps $virtual_maps
> mail_owner = postfix
> mailbox_command = /usr/bin/procmail
> mailbox_size_limit = 281200000
> mailq_path = /usr/local/postfix-2.2.3/mailq
> manpage_directory = /usr/local/postfix-2.2.3/man
> max_use = 10
> message_size_limit = 120000000
> mime_header_checks = regexp:/usr/local/postfix/conf/mime_header_checks
> mydestination = $myhostname
> mydomain = myhost.sk
> myhostname = ns.myhost.sk
> newaliases_path = /usr/local/postfix-2.2.3/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/postfix-2.2.3/readme
> relay_domains = /usr/local/postfix/conf/relay-domains
> sample_directory = /usr/local/postfix-2.2.3/conf
> sendmail_path = /usr/local/postfix-2.2.3/sbin/sendmail
> setgid_group = postdrop
> smtpd_banner = $myhostname ESMTP
> smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/usr/local/postfix/conf/access.client, permit
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = check_sender_access hash:/usr/local/postfix/conf/access.sender, reject_non_fqdn_sender, reject_unknown_sender_domain
> transport_maps = hash:/usr/local/postfix/conf/transport
> unknown_local_recipient_reject_code = 450
> virtual_alias_domains = hash:/usr/local/postfix/conf/virtual_domains
>
> # cat master.cf
> #amavis
> smtp-amavis unix -      -       n       -       2       smtp
>   -o smtp_data_done_timeout=1200
>   -o smtp_send_xforward_command=yes
>   -o disable_dns_lookups=yes
>
> 127.0.0.1:10025 inet n  -       n       -       -       smtpd
>   -o content_filter=
>   -o local_recipient_maps=
>   -o relay_recipient_maps=
>   -o smtpd_restriction_classes=
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o mynetworks=127.0.0.0/8
>   -o strict_rfc821_envelopes=yes
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o receive_override_options=no_header_body_checks
>
>
> # ==========================================================================
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> # ==========================================================================
> smtp      inet  n       -       n       -       150     smtpd
> #submission inet n      -       n       -       -       smtpd
> #  -o smtpd_etrn_restrictions=reject
> #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #smtps    inet  n       -       n       -       -       smtpd
> #  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> #submission inet n      -       n       -       -       smtpd
> #  -o smtpd_etrn_restrictions=reject
> #  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
> #628      inet  n       -       n       -       -       qmqpd
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> #qmgr     fifo  n       -       n       300     1       oqmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       150     smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay     unix  -       -       n       -       -       smtp
>   -o fallback_relay=
> #  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache    unix  -       -       n       -       1       scache
>
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
>
> # The Cyrus deliver program has changed incompatibly, multiple times.
> old-cyrus unix  -       n       n       -       -       pipe
>   flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
>
> # Cyrus 2.1.5 (Amos Gouaux)
> # Also specify in main.cf: cyrus_destination_recipient_limit=1
> cyrus     unix  -       n       n       -       -       pipe
>   user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
>
> # See the Postfix UUCP_README file for configuration details.
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
>
> # Other external delivery methods.
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
>
>
>
> Regards,
> Zoltan
>
> http://zee.balogh.sk/
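
Added example (not part of the original thread): a Python pass over smtpd log lines in the format quoted above that counts, per client IP, the connects, the "timeout after CONNECT" sessions and the peak number of simultaneously open sessions, then lists clients whose sessions mostly end without a single SMTP command. The sample log is constructed with placeholder hosts and addresses, and the thresholds in `suspects` are assumptions to tune per site.

```python
import re

# Constructed sample in the format of the quoted log; hosts and IPs are placeholders.
SAMPLE_LOG = """\
Feb 25 14:07:53 ns postfix/smtpd[1642]: connect from a.example[198.51.100.7]
Feb 25 14:08:09 ns postfix/smtpd[1649]: connect from a.example[198.51.100.7]
Feb 25 14:08:10 ns postfix/smtpd[1695]: connect from a.example[198.51.100.7]
Feb 25 14:08:30 ns postfix/smtpd[1700]: connect from mx.example[192.0.2.10]
Feb 25 14:08:31 ns postfix/smtpd[1700]: 4F2A1C0DE: client=mx.example[192.0.2.10]
Feb 25 14:08:32 ns postfix/smtpd[1700]: disconnect from mx.example[192.0.2.10]
Feb 25 14:12:53 ns postfix/smtpd[1642]: timeout after CONNECT from a.example[198.51.100.7]
Feb 25 14:12:53 ns postfix/smtpd[1642]: disconnect from a.example[198.51.100.7]
Feb 25 14:13:09 ns postfix/smtpd[1649]: timeout after CONNECT from a.example[198.51.100.7]
Feb 25 14:13:09 ns postfix/smtpd[1649]: disconnect from a.example[198.51.100.7]
Feb 25 14:13:10 ns postfix/smtpd[1695]: timeout after CONNECT from a.example[198.51.100.7]
Feb 25 14:13:10 ns postfix/smtpd[1695]: disconnect from a.example[198.51.100.7]
""".splitlines()

EVENT = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: "
    r"(?P<ev>connect from|timeout after CONNECT from|disconnect from) "
    r"\S*\[(?P<ip>[0-9A-Fa-f.:]+)\]")

def summarize(lines):
    """Per client IP: connects, timeouts after CONNECT, peak simultaneous sessions."""
    serving, stats = {}, {}               # serving: smtpd pid -> client IP
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue                      # other smtpd output, e.g. queue-id lines
        pid, ev, ip = m.group("pid", "ev", "ip")
        s = stats.setdefault(ip, {"connects": 0, "idle_timeouts": 0, "peak_open": 0})
        if ev == "connect from":
            serving[pid] = ip
            s["connects"] += 1
            s["peak_open"] = max(s["peak_open"], list(serving.values()).count(ip))
        elif ev == "timeout after CONNECT from":
            s["idle_timeouts"] += 1       # client never sent an SMTP command
        else:
            serving.pop(pid, None)        # disconnect frees the smtpd process
    return stats

def suspects(stats, min_timeouts=3, min_ratio=0.5):
    """Clients whose sessions mostly die silent; both thresholds are assumptions."""
    return sorted(ip for ip, s in stats.items()
                  if s["idle_timeouts"] >= min_timeouts
                  and s["idle_timeouts"] / max(s["connects"], 1) >= min_ratio)

if __name__ == "__main__":
    print(suspects(summarize(SAMPLE_LOG)))
```

`peak_open` is derived from the log alone and approximates the "max connection count" figure that anvil reports in the quoted statistics lines.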