On 8/8/2011 4:15 PM, [email protected] wrote: > We recently (within the last two weeks) started getting a very large > number of logs like this: > > postfix/smtpd[29456]: lost connection after RCPT from > cel-broadband1-ws-72.dsl.airstreamcomm.net[64.33.198.73] > > After doing packet traces it appears that the client is sending RST > packets to our server, which doesn't make any sense?
It does if it's a crapware spambot. Are these disconnects from legitimate clients you expect to receive mail from? Although the above IP doesn't seem to be on any blacklists right now, the hostname makes it highly suspicious. At any rate, it sounds as if the problem is on the remote end; not a postfix problem. -- Noel Jones
