Connections from "unknown"


Connections from "unknown"

J Doe
Hello,

I noticed something interesting in my logs today.  I am running Postfix 3.3.1:

        Aug 24 21:09:25 server postfix/submission/smtpd[10256]: connect from unknown[unknown]:unknown
        Aug 24 21:09:25 server postfix/submission/smtpd[10256]: lost connection after CONNECT from unknown[unknown]:unknown
        Aug 24 21:09:25 server postfix/submission/smtpd[10256]: disconnect from unknown[unknown]:unknown commands=0/0

It is clear that this was a bad connection, but under what circumstances does Postfix consider a remote connection’s address as “unknown” ?  Wouldn’t Postfix always know the remote IPv4/IPv6 address because when a client connects to the server the address is passed from the OS to Postfix ?

Thanks,

- J

Re: Connections from "unknown"

Wietse Venema
J Doe:

> Hello,
>
> I noticed something interesting in my logs today.  I am running Postfix 3.3.1:
>
> Aug 24 21:09:25 server postfix/submission/smtpd[10256]: connect from unknown[unknown]:unknown
> Aug 24 21:09:25 server postfix/submission/smtpd[10256]: lost connection after CONNECT from unknown[unknown]:unknown
> Aug 24 21:09:25 server postfix/submission/smtpd[10256]: disconnect from unknown[unknown]:unknown commands=0/0
>
> It is clear that this was a bad connection, but under what
> circumstances does Postfix consider a remote connection’s address
> as “unknown” ?  Wouldn’t Postfix always know the remote IPv4/IPv6
> address because when a client connects to the server the address
> is passed from the OS to Postfix ?

"unknown" clients are defined in
http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

  reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)

    Reject the request when 1) the client IP address->name mapping
    fails, or 2) the name->address mapping fails, or 3) the
    name->address mapping does not match the client IP address.

        Wietse

Re: Connections from "unknown"

Wietse Venema
Wietse Venema:

> J Doe:
> > Hello,
> >
> > I noticed something interesting in my logs today.  I am running Postfix 3.3.1:
> >
> > Aug 24 21:09:25 server postfix/submission/smtpd[10256]: connect from unknown[unknown]:unknown
> > Aug 24 21:09:25 server postfix/submission/smtpd[10256]: lost connection after CONNECT from unknown[unknown]:unknown
> > Aug 24 21:09:25 server postfix/submission/smtpd[10256]: disconnect from unknown[unknown]:unknown commands=0/0
> >
> > It is clear that this was a bad connection, but under what
> > circumstances does Postfix consider a remote connection’s address
> > as “unknown” ?  Wouldn’t Postfix always know the remote IPv4/IPv6
> > address because when a client connects to the server the address
> > is passed from the OS to Postfix ?
>
> "unknown" clients are defined in
> http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname
>
>   reject_unknown_client_hostname (with Postfix < 2.3: reject_unknown_client)
>
>     Reject the request when 1) the client IP address->name mapping
>     fails, or 2) the name->address mapping fails, or 3) the
>     name->address mapping does not match the client IP address.

The "unknown" address means that the connection was already closed
when Postfix asked the OS for the client IP address.

        Wietse
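
The thread distinguishes two meanings of "unknown" in smtpd log lines: an unknown client hostname (the name mappings described in the first reply) and an unknown client address (the connection was already closed when Postfix asked the OS). The following is an added example, not part of the original thread or of Postfix, that separates the two cases when reviewing logs. The function names and every sample line other than the first three (which are the poster's) are constructed for illustration.

```python
import re
from collections import Counter

# Matches "<event> from name[addr]" in Postfix smtpd log lines; any ":port" suffix is ignored.
CLIENT_RE = re.compile(
    r"postfix/(?P<service>[\w/-]+)\[(?P<pid>\d+)\]: "
    r"(?P<event>connect|disconnect|lost connection after \w+) "
    r"from (?P<name>[^\[\s]+)\[(?P<addr>[^\]]+)\]"
)

def classify(line):
    """Return (service, pid, event, kind) for a client line, or None if it is not one."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    if m.group("addr") == "unknown":
        # Connection was already closed when Postfix asked the OS for the peer address.
        kind = "address-unknown"
    elif m.group("name") == "unknown":
        # Address is known; the address->name or name->address mapping failed or mismatched.
        kind = "hostname-unknown"
    else:
        kind = "resolved"
    return m.group("service"), m.group("pid"), m.group("event"), kind

def summarize(lines):
    """Count 'connect' events per (service, kind) so each session is counted once."""
    counts = Counter()
    for line in lines:
        c = classify(line)
        if c and c[2] == "connect":
            counts[(c[0], c[3])] += 1
    return counts

SAMPLE = [
    # First three lines are from the original post; the rest are constructed.
    "Aug 24 21:09:25 server postfix/submission/smtpd[10256]: connect from unknown[unknown]:unknown",
    "Aug 24 21:09:25 server postfix/submission/smtpd[10256]: lost connection after CONNECT from unknown[unknown]:unknown",
    "Aug 24 21:09:25 server postfix/submission/smtpd[10256]: disconnect from unknown[unknown]:unknown commands=0/0",
    "Aug 24 21:10:02 server postfix/smtpd[10301]: connect from unknown[192.0.2.10]",
    "Aug 24 21:10:05 server postfix/smtpd[10302]: connect from mail.example.org[192.0.2.25]",
    "Aug 24 21:10:06 server postfix/smtpd[10302]: disconnect from mail.example.org[192.0.2.25] ehlo=1 quit=1 commands=2",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(key, n)
```
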