On Thu, Aug 18, 2022 at 03:10:57PM -0400, post...@ptld.com wrote:

> I am trying to understand what the connecting client is doing in this
> situation on submission port 587. I replaced my domain with
> example.com.
> 
> Aug 18 14:15:27 mx postfix/smtpd[26495]: warning: hostname 
> dsl-201-121-80-137-dyn.prod-infinitum.com.mx does not resolve to address 
> 201.121.80.137: Name or service not known
> Aug 18 14:15:27 mx postfix/smtpd[26495]: connect from unknown[201.121.80.137]
> Aug 18 14:15:27 mx postfix/smtpd[26495]: NOQUEUE: reject: RCPT from 
> unknown[201.121.80.137]: 554 5.7.1 <r99...@gmail.com>: Recipient address 
> rejected: Access denied; from=<test...@example.com> to=<r99...@gmail.com> 
> proto=ESMTP helo=<TDA1017C2>
> Aug 18 14:15:27 mx postfix/smtpd[26495]: lost connection after RCPT from 
> unknown[201.121.80.137]

This client DID NOT attempt to guess a login name + password, nor even
bother with TLS (you should only enable SASL after TLS):

    main.cf:
        smtpd_tls_auth_only = yes

It sent:

    EHLO TDA1017C2
    MAIL FROM:<test...@example.com>
    RCPT TO:<r99...@gmail.com> 

with "RCPT TO:" rejected by your server, at which point the client
closed the connection without sending QUIT.

> Aug 18 14:15:27 mx postfix/smtpd[26495]: disconnect from 
> unknown[201.121.80.137] ehlo=1 mail=1 rcpt=0/1 commands=2/3
> 
> Normally when someone is trying to guess submission logins i would see 
> something like:
> warning: unknown[62.233.50.137]: SASL PLAIN authentication failed: Connection 
> lost to authentication server

-- 
    Viktor.
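
Added example, not part of the message above and not Postfix code: a small parser for the smtpd "disconnect" summary line quoted in the thread, separating sessions where a RCPT was rejected without any AUTH attempt from sessions with failed AUTH. The label strings and function names are hypothetical; the second and third sample lines are constructed.

```python
import re

# Constructed sample: the first line is the disconnect summary quoted in the
# thread; the other two are made-up sessions (documentation IPs) for contrast.
SAMPLE_LOG = """\
Aug 18 14:15:27 mx postfix/smtpd[26495]: disconnect from unknown[201.121.80.137] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Aug 18 14:20:01 mx postfix/smtpd[26501]: disconnect from unknown[192.0.2.10] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
Aug 18 14:21:44 mx postfix/smtpd[26510]: disconnect from c.example.net[198.51.100.7] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
"""

DISCONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: disconnect from \S+\[(?P<ip>[^\]]+)\](?P<stats>.*)$")
# Counters are "name=accepted" or "name=accepted/total" (e.g. rcpt=0/1).
COUNTER_RE = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")


def parse_disconnect(line):
    """Return (ip, {command: (accepted, total)}), or None for other lines."""
    m = DISCONNECT_RE.search(line)
    if not m:
        return None
    counters = {}
    for name, ok, total in COUNTER_RE.findall(m.group("stats")):
        counters[name] = (int(ok), int(total) if total else int(ok))
    return m.group("ip"), counters


def classify(counters):
    """Label a session by what the client actually attempted (labels are ours)."""
    auth_ok, auth_total = counters.get("auth", (0, 0))
    rcpt_ok, rcpt_total = counters.get("rcpt", (0, 0))
    if auth_total > auth_ok:
        return "auth-failure"              # at least one AUTH was refused
    if auth_total == 0 and rcpt_total > rcpt_ok:
        return "rcpt-rejected-no-auth"     # the session shown in the thread
    if auth_ok and rcpt_ok:
        return "authenticated-submission"
    return "other"


def summarize(log_text):
    """Return [(ip, label, used_starttls, sent_quit)] for each disconnect line."""
    out = []
    for line in log_text.splitlines():
        parsed = parse_disconnect(line)
        if parsed:
            ip, c = parsed
            out.append((ip, classify(c), "starttls" in c, "quit" in c))
    return out
```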
