Hello,
This is a rather specific question, but I could not think of a better
place to ask than this list.
I am running Postfix on a system with RBAC/grsecurity. In RBAC, every
Postfix process (subject) has its rules, for files which it can
read/write, ports to open, etc.
For example, /usr/lib/postfix/smtpd running as user postfix has the
following rules:
subject /usr/lib/postfix/smtpd o {
    / h
    /etc/ h
    /etc/gai.conf r
    /etc/host.conf r
    /etc/hosts r
    /etc/ld.so.cache r
    /etc/localtime r
    /etc/resolv.conf r
    /lib/x86_64-linux-gnu/ rx
    /var/spool/postfix/ rw
    -CAP_ALL
    bind 0.0.0.0/32:25 stream tcp
    bind 0.0.0.0/32:465 stream tcp
    connect 0.0.0.0/0:53 dgram udp
    sock_allow_family netlink ipv4
}
The only remote connections allowed are to udp port 53. Now RBAC is
logging the following error messages:
    postfix:U:/usr/lib/postfix/smtpd denied connect() to 74.208.4.197 port 0 sock type dgram protocol udp
In postfix logs, I can see that email was successfully delivered at the
same time, from 74.208.4.197, and there are no errors in the postfix
logs. So whatever was denied, it was not essential for email delivery.
Can somebody please explain what smtpd is trying to do? Why does it try
to connect to "port 0"? What is port 0, anyway - is it a raw socket? Is
smtpd supposed to connect to anything other than udp 53?
I have seen this error repeatedly from the same sender. Other senders/IP
addresses do not generate this error.
regards,
Thomas
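
Added example, not part of the original post: a small checker that compares the denial line above against the network rules of the posted smtpd subject and reports which field of each candidate rule failed to match. The function names are hypothetical, and the parser handles only the `op addr/mask:port type proto` rule shape that appears in the post.

```python
import ipaddress
import re

# Network rules copied from the smtpd subject in the post.
POLICY = """\
bind 0.0.0.0/32:25 stream tcp
bind 0.0.0.0/32:465 stream tcp
connect 0.0.0.0/0:53 dgram udp
"""

# Denial line from the post, joined onto one line.
DENIAL = ("postfix:U:/usr/lib/postfix/smtpd denied connect() to 74.208.4.197 "
          "port 0 sock type dgram protocol udp")

# Only the rule shape seen in the post is parsed (an assumption of this example).
RULE_RE = re.compile(r"^(bind|connect)\s+(\S+):(\d+)\s+(\w+)\s+(\w+)$")
DENY_RE = re.compile(r"denied (bind|connect)\(\) to (\S+) port (\d+) "
                     r"sock type (\w+) protocol (\w+)")

def parse_rules(text):
    """Return (op, network, port, sock_type, proto) for each network rule."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            op, net, port, stype, proto = m.groups()
            net = ipaddress.ip_network(net, strict=False)
            rules.append((op, net, int(port), stype, proto))
    return rules

def check(denial, rules):
    """For each rule with the same operation, list the fields that did not match."""
    op, addr, port, stype, proto = DENY_RE.search(denial).groups()
    addr, port = ipaddress.ip_address(addr), int(port)
    report = []
    for r_op, net, r_port, r_type, r_proto in rules:
        if r_op != op:
            continue  # bind rules are irrelevant to a connect() denial
        misses = []
        if addr not in net:
            misses.append("address")
        if port != r_port:
            misses.append("port")
        if r_type != stype:
            misses.append("socket type")
        if r_proto != proto:
            misses.append("protocol")
        report.append((f"{r_op} {net}:{r_port} {r_type} {r_proto}", misses))
    return report

if __name__ == "__main__":
    for rule, misses in check(DENIAL, parse_rules(POLICY)):
        print(rule, "->", "match" if not misses else "mismatch on " + ", ".join(misses))
```

For the logged denial, the only field that fails against the single connect rule is the port: address, socket type and protocol all match, so the denied call differs from the permitted DNS traffic only in its destination port of 0.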