On Tue, Feb 07, 2023 at 05:59:52PM +0100, Wolfgang Paul Rauchholz wrote:
> Feb 5 03:50:12 home postfix/smtps/smtpd[402300]:
> SSL_accept error from unknown[10.5.2.1]: lost connection
> Feb 5 03:50:12 home postfix/smtps/smtpd[402300]:
> lost connection after CONNECT from unknown[10.5.2.1]
> Feb 5 03:50:12 home postfix/smtps/smtpd[402300]:
> disconnect from unknown[10.5.2.1] commands=0/0
Something (was the address actually 10.5.2.1, or did you replace it for
"privacy") connected to the port 465 implicit TLS submission service.
And probably disconnected without even initiating an SSL handshake.
Are any of your authorised devices or users having problems sending
email? If not, you don't have a problem, except perhaps that the
connection is coming from a private IP address 10.0.0.0/8, which may a
configuration issue on your firewall, external IPs should not be changed
in transit. Of course this could also be a source that is internal to
your network.
> I do have letsencrypt certificates that seem to be ok (domain
> wo-lar.com) I added this to the /main.cf config file.
These are likely irrelevant.
> Where do I need to start looking? Thanks for your insights.
Is there an actual problem? Unless you're concerned about unexpected
connection attempts from a seemingly internal IP, there's nothing to
worry about, port scans and TLS scans are a fact of life on the
internet. Some (like my DANE survey[1]) are even for the public good,
rather than malicious.
--
Viktor.
[1] https://stats.dnssec-tools.org/
