Re: looking for a little documentation please
> On Nov 21, 2019, at 11:18 AM, Fazzina, Angelo > wrote: > > Thank you for clearing that up. > Since this client I have is having trouble and I am trying to determine if > the clients IP is the one generating these log entries do you think these to > settings will give me more info in the logs for smtpd related data ? No, because, as I already explained, by the time smtpd(8) accepts the connection it is already reset. There's nothing to log. You need to use tcpdump or tshark to record PCAP files of traffic with this client and peer deeply into those. -- Viktor.
RE: looking for a little documentation please
Thank you, I need to learn to Google better, my bad. https://groups.google.com/forum/#!topic/mailing.postfix.users/mpeVD0d56zM Wietse, seems to have answered this question in the past. I am going to just do more simultaneous testing with client like you said and sniff the wire. Thanks everyone. -ANGELO FAZZINA ang...@uconn.edu University of Connecticut, ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Noel Jones Sent: Thursday, November 21, 2019 11:48 AM To: postfix-users@postfix.org Subject: Re: looking for a little documentation please On 11/21/2019 10:18 AM, Fazzina, Angelo wrote: > Thank you for clearing that up. > Since this client I have is having trouble and I am trying to determine if > the clients IP is the one generating these log entries do you think these to > settings will give me more info in the logs for smtpd related data ? > >debug_peer_level (x) > and >debug_peer_list (y) For the unknown[unknown] connections, postfix doesn't know the peer, so the above won't give any additional information. You might be able to use a packet sniffer such as tcpdump or wireshark to see the connecting IP before it drops. -- Noel Jones
Re: looking for a little documentation please
On 11/21/2019 10:18 AM, Fazzina, Angelo wrote: Thank you for clearing that up. Since this client I have is having trouble and I am trying to determine if the clients IP is the one generating these log entries do you think these to settings will give me more info in the logs for smtpd related data ? debug_peer_level (x) and debug_peer_list (y) For the unknown[unknown] connections, postfix doesn't know the peer, so the above won't give any additional information. You might be able to use a packet sniffer such as tcpdump or wireshark to see the connecting IP before it drops. -- Noel Jones
RE: looking for a little documentation please
Thank you for clearing that up. Since this client I have is having trouble and I am trying to determine if the clients IP is the one generating these log entries do you think these to settings will give me more info in the logs for smtpd related data ? debug_peer_level (x) and debug_peer_list (y) thank you. -ANGELO FAZZINA ang...@uconn.edu University of Connecticut, ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Viktor Dukhovni Sent: Thursday, November 21, 2019 11:07 AM To: Postfix users Subject: Re: looking for a little documentation please > On Nov 21, 2019, at 10:54 AM, Fazzina, Angelo > wrote: > > ov 21 09:00:15 mail5 postfix/smtpd[31265]: lost connection after CONNECT from > unknown[unknown] > Nov 21 09:00:15 mail5 postfix/smtpd[31265]: disconnect from unknown[unknown] The connection was lost right after it was established, before the client sent any SMTP commands, and indeed the client had already reset the connection by the time smtpd(8) accepted it, so that even the client's IP address was no longer available. > that PID 31265 was running along happily processing mail from one IP over > port 25 cuz > that IP is in the mynetworks setting. Then those 2 lines and that pid is not > seen again. The previous connection is unrelated. > Is the 1st line reporting the result of the HELO/EHLO command ? No. -- Viktor.
Re: looking for a little documentation please
> On Nov 21, 2019, at 10:54 AM, Fazzina, Angelo > wrote: > > ov 21 09:00:15 mail5 postfix/smtpd[31265]: lost connection after CONNECT from > unknown[unknown] > Nov 21 09:00:15 mail5 postfix/smtpd[31265]: disconnect from unknown[unknown] The connection was lost right after it was established, before the client sent any SMTP commands, and indeed the client had already reset the connection by the time smtpd(8) accepted it, so that even the client's IP address was no longer available. > that PID 31265 was running along happily processing mail from one IP over > port 25 cuz > that IP is in the mynetworks setting. Then those 2 lines and that pid is not > seen again. The previous connection is unrelated. > Is the 1st line reporting the result of the HELO/EHLO command ? No. -- Viktor.
Re: looking for a little documentation please
Dnia 21.11.2019 o godz. 15:54:04 Fazzina, Angelo pisze: > > Nov 21 09:00:15 mail5 postfix/smtpd[31265]: lost connection after CONNECT > from unknown[unknown] > Nov 21 09:00:15 mail5 postfix/smtpd[31265]: disconnect from unknown[unknown] CONNECT indicates that something tried to connect to your SMTP server as if it were a HTTP proxy. I see a lot of such stupid attempts in my logs, because I run submission on a non-standard port. What is strange is that "unknown[unknown]" part - looks like Postfix wasn't even able to determine the IP address of the connecting client??? -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."