On Mon, 08 Aug 2011 16:41:59 -0500, Noel Jones <[email protected]> wrote: > On 8/8/2011 4:15 PM, [email protected] wrote: >> We recently (within the last two weeks) started getting a very large >> number of logs like this: >> >> postfix/smtpd[29456]: lost connection after RCPT from >> cel-broadband1-ws-72.dsl.airstreamcomm.net[64.33.198.73] >> >> After doing packet traces it appears that the client is sending RST >> packets to our server, which doesn't make any sense? > > It does if it's a crapware spambot. > > Are these disconnects from legitimate clients you expect to receive > mail from? Although the above IP doesn't seem to be on any > blacklists right now, the hostname makes it highly suspicious. > > At any rate, it sounds as if the problem is on the remote end; not a > postfix problem. > > > > -- Noel Jones
We found out our PIX had somehow freaked out and started applying SMTP inspections that were causing SMTP connections to die prematurely. Thanks for your advice!
