Problem connecting any ips to mi postfix server

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem connecting any ips to mi postfix server

Francesc Peñalvez-2
There are some ips that when wanting to connect with my postfix it is
impossible to do so when connecting in the same second they disconnect
without sending any data
for example:

Sep 26 21:20:47 ns postfix / smtpd [4679]: connect from
mail2.segurcaixaadeslas.es [195.77.158.25]
Sep 26 21:20:47 ns postfix / smtpd [4679]: disconnect from
mail2.segurcaixaadeslas.es [195.77.158.25]


This is my postconf -n configuration

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
allow_untrusted_routing = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
ignore_mx_lookup_error = yes
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = ns.almogavers.net, localhost.almogavers.net,
almogavers.net , localhost
myhostname = ns.almogavers.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.2
mynetworks_style = class
myorigin = /etc/mailname
notify_classes = bounce, 2bounce, delay, policy, protocol, resource,
software
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
sender_dependent_default_transport_maps = hash:/etc/postfix/dependent
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
permit_tls_all_clientcerts reject_unknown_reverse_client_hostname
permit_sasl_authenticated
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit
smtpd_recipient_restrictions = permit_sasl_authenticated
permit_mynetworks reject_unauth_destination reject_unauth_destination
reject_invalid_hostname reject_non_fqdn_hostname reject_non_fqdn_sender
reject_non_fqdn_recipient reject_unknown_sender_domain
reject_unknown_recipient_domain permit_mynetworks reject_rbl_client
sbl.spamhaus.org reject_rbl_client cbl.abuseat.org reject_rbl_client
dul.dnsbl.sorbs.net permit_inet_interfaces
reject_unknown_reverse_client_hostname check_policy_service
inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination permit_inet_interfaces
reject_unknown_reverse_client_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
smtpd_tls_key_file = /etc/postfix/postfix.key.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual


--
*************************************************************************************************
Este mensaje y todos los archivos adjuntos son confidenciales y de uso exclusivo por parte
de su/sus destinatario/s. Si usted ha recibido este mensaje por error, le agradecemos que
lo notifique inmediatamente al remitente y destruya el mensaje. Queda prohibida cualquier
modificación, edición, uso o divulgación no autorizados. El Emisor no se hace responsable
de este mensaje si ha sido modificado, distorsionado, falsificado, infectado por un virus o
editado o difundido sin autorización.


***********************************************************************************************
This message and any attachments are confidential and intended for the named addressee(s) only.
If you have received this message in error, please notify immediately the sender, then delete
the message. Any unauthorized modification, edition, use or dissemination is prohibited.
The sender shall not be liable for this message if it has been modified, altered, falsified, infected
by a virus or even edited or disseminated without authorization.
***********************************************************************************************



smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Problem connecting any ips to mi postfix server

Wietse Venema
Francesc Pe?alvez:
> There are some ips that when wanting to connect with my postfix it is
> impossible to do so when connecting in the same second they disconnect
> without sending any data
> for example:
>
> Sep 26 21:20:47 ns postfix / smtpd [4679]: connect from
> mail2.segurcaixaadeslas.es [195.77.158.25]
> Sep 26 21:20:47 ns postfix / smtpd [4679]: disconnect from
> mail2.segurcaixaadeslas.es [195.77.158.25]

This requires a network recording, because the client does not send
any commands (I assume that you have Postfix 3.0 or later).

See http://www.postfix.org/DEBUG_README.html

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Problem connecting any ips to mi postfix server

Francesc Peñalvez-2
El 27/09/2018 a las 1:19, Wietse Venema escribió:

> Francesc Pe?alvez:
>> There are some ips that when wanting to connect with my postfix it is
>> impossible to do so when connecting in the same second they disconnect
>> without sending any data
>> for example:
>>
>> Sep 26 21:20:47 ns postfix / smtpd [4679]: connect from
>> mail2.segurcaixaadeslas.es [195.77.158.25]
>> Sep 26 21:20:47 ns postfix / smtpd [4679]: disconnect from
>> mail2.segurcaixaadeslas.es [195.77.158.25]
> This requires a network recording, because the client does not send
> any commands (I assume that you have Postfix 3.0 or later).
>
> See http://www.postfix.org/DEBUG_README.html
>
> Wietse
>
this indicate misconfiguration of remote server or mi postfix?


Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
mail2.segurcaixaadeslas.es: no match
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
195.77.158.25: no match
Sep 27 01:46:17 ns postfix/smtpd[11030]: send attr request = connect
Sep 27 01:46:17 ns postfix/smtpd[11030]: send attr ident =
smtpd:195.77.158.25
Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
attribute: status
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: status
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute value: 0
Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
attribute: count
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: count
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute value: 1
Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
attribute: rate
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: rate
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute value: 1
Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
attribute: (list terminator)
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: (end)
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 220 ns.almogavers.net ESMTP
Postfix
Sep 27 01:46:17 ns postfix/smtpd[11030]: watchdog_pat: 0x5613c7b868b0
Sep 27 01:46:17 ns postfix/smtpd[11030]: <
mail2.segurcaixaadeslas.es[195.77.158.25]: EHLO mail2.segurcaixaadeslas.es
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
mail2.segurcaixaadeslas.es: no match
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
195.77.158.25: no match
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250-ns.almogavers.net
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250-PIPELINING
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250-SIZE 10240000
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250-VRFY
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250-ETRN
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250-STARTTLS
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250-ENHANCEDSTATUSCODES
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250-8BITMIME
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 250 DSN
Sep 27 01:46:17 ns postfix/smtpd[11030]: watchdog_pat: 0x5613c7b868b0
Sep 27 01:46:17 ns postfix/smtpd[11030]: <
mail2.segurcaixaadeslas.es[195.77.158.25]: MAIL
FROM:<[hidden email]> SIZE=6653
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 530 5.7.0 Must issue a
STARTTLS command first
Sep 27 01:46:17 ns postfix/smtpd[11030]: watchdog_pat: 0x5613c7b868b0
Sep 27 01:46:17 ns postfix/smtpd[11030]: <
mail2.segurcaixaadeslas.es[195.77.158.25]: QUIT
Sep 27 01:46:17 ns postfix/smtpd[11030]: >
mail2.segurcaixaadeslas.es[195.77.158.25]: 221 2.0.0 Bye
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostname:
mail2.segurcaixaadeslas.es ~? 127.0.0.0/8
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostaddr: 195.77.158.25
~? 127.0.0.0/8
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostname:
mail2.segurcaixaadeslas.es ~? [::ffff:127.0.0.0]/104
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostaddr: 195.77.158.25
~? [::ffff:127.0.0.0]/104
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostname:
mail2.segurcaixaadeslas.es ~? [::1]/128
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostaddr: 195.77.158.25
~? [::1]/128
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostname:
mail2.segurcaixaadeslas.es ~? 192.168.2
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostaddr: 195.77.158.25
~? 192.168.2
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
mail2.segurcaixaadeslas.es: no match
Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
195.77.158.25: no match
Sep 27 01:46:17 ns postfix/smtpd[11030]: send attr request = disconnect
Sep 27 01:46:17 ns postfix/smtpd[11030]: send attr ident =
smtpd:195.77.158.25
Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
attribute: status
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: status
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute value: 0
Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
attribute: (list terminator)
Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: (end)
Sep 27 01:46:17 ns postfix/smtpd[11030]: disconnect from
mail2.segurcaixaadeslas.es[195.77.158.25]


I see the remote server dont use starttls is correct? can i configure my
postfix for ignore this option for some remote servers? this only
appears for this server and tomtom.com´ servers.Before, that did not
happen to me at least with the tomtom server.

How can I solve this problem without affecting the security of my
postfix server?

--
*************************************************************************************************
Este mensaje y todos los archivos adjuntos son confidenciales y de uso exclusivo por parte
de su/sus destinatario/s. Si usted ha recibido este mensaje por error, le agradecemos que
lo notifique inmediatamente al remitente y destruya el mensaje. Queda prohibida cualquier
modificación, edición, uso o divulgación no autorizados. El Emisor no se hace responsable
de este mensaje si ha sido modificado, distorsionado, falsificado, infectado por un virus o
editado o difundido sin autorización.


***********************************************************************************************
This message and any attachments are confidential and intended for the named addressee(s) only.
If you have received this message in error, please notify immediately the sender, then delete
the message. Any unauthorized modification, edition, use or dissemination is prohibited.
The sender shall not be liable for this message if it has been modified, altered, falsified, infected
by a virus or even edited or disseminated without authorization.
***********************************************************************************************



smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Problem connecting any ips to mi postfix server

Francesc Peñalvez-2
El 27/09/2018 a las 1:50, Francesc Peñalvez escribió:

> El 27/09/2018 a las 1:19, Wietse Venema escribió:
>> Francesc Pe?alvez:
>>> There are some ips that when wanting to connect with my postfix it is
>>> impossible to do so when connecting in the same second they disconnect
>>> without sending any data
>>> for example:
>>>
>>> Sep 26 21:20:47 ns postfix / smtpd [4679]: connect from
>>> mail2.segurcaixaadeslas.es [195.77.158.25]
>>> Sep 26 21:20:47 ns postfix / smtpd [4679]: disconnect from
>>> mail2.segurcaixaadeslas.es [195.77.158.25]
>> This requires a network recording, because the client does not send
>> any commands (I assume that you have Postfix 3.0 or later).
>>
>> See http://www.postfix.org/DEBUG_README.html
>>
>>     Wietse
>>
> this indicate misconfiguration of remote server or mi postfix?
>
>
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
> mail2.segurcaixaadeslas.es: no match
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
> 195.77.158.25: no match
> Sep 27 01:46:17 ns postfix/smtpd[11030]: send attr request = connect
> Sep 27 01:46:17 ns postfix/smtpd[11030]: send attr ident =
> smtpd:195.77.158.25
> Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
> attribute: status
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: status
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute value: 0
> Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
> attribute: count
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: count
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute value: 1
> Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
> attribute: rate
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: rate
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute value: 1
> Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
> attribute: (list terminator)
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: (end)
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 220 ns.almogavers.net ESMTP
> Postfix
> Sep 27 01:46:17 ns postfix/smtpd[11030]: watchdog_pat: 0x5613c7b868b0
> Sep 27 01:46:17 ns postfix/smtpd[11030]: <
> mail2.segurcaixaadeslas.es[195.77.158.25]: EHLO
> mail2.segurcaixaadeslas.es
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
> mail2.segurcaixaadeslas.es: no match
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
> 195.77.158.25: no match
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250-ns.almogavers.net
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250-PIPELINING
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250-SIZE 10240000
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250-VRFY
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250-ETRN
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250-STARTTLS
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250-ENHANCEDSTATUSCODES
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250-8BITMIME
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 250 DSN
> Sep 27 01:46:17 ns postfix/smtpd[11030]: watchdog_pat: 0x5613c7b868b0
> Sep 27 01:46:17 ns postfix/smtpd[11030]: <
> mail2.segurcaixaadeslas.es[195.77.158.25]: MAIL
> FROM:<[hidden email]> SIZE=6653
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 530 5.7.0 Must issue a
> STARTTLS command first
> Sep 27 01:46:17 ns postfix/smtpd[11030]: watchdog_pat: 0x5613c7b868b0
> Sep 27 01:46:17 ns postfix/smtpd[11030]: <
> mail2.segurcaixaadeslas.es[195.77.158.25]: QUIT
> Sep 27 01:46:17 ns postfix/smtpd[11030]: >
> mail2.segurcaixaadeslas.es[195.77.158.25]: 221 2.0.0 Bye
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostname:
> mail2.segurcaixaadeslas.es ~? 127.0.0.0/8
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostaddr: 195.77.158.25
> ~? 127.0.0.0/8
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostname:
> mail2.segurcaixaadeslas.es ~? [::ffff:127.0.0.0]/104
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostaddr: 195.77.158.25
> ~? [::ffff:127.0.0.0]/104
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostname:
> mail2.segurcaixaadeslas.es ~? [::1]/128
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostaddr: 195.77.158.25
> ~? [::1]/128
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostname:
> mail2.segurcaixaadeslas.es ~? 192.168.2
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_hostaddr: 195.77.158.25
> ~? 192.168.2
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
> mail2.segurcaixaadeslas.es: no match
> Sep 27 01:46:17 ns postfix/smtpd[11030]: match_list_match:
> 195.77.158.25: no match
> Sep 27 01:46:17 ns postfix/smtpd[11030]: send attr request = disconnect
> Sep 27 01:46:17 ns postfix/smtpd[11030]: send attr ident =
> smtpd:195.77.158.25
> Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
> attribute: status
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: status
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute value: 0
> Sep 27 01:46:17 ns postfix/smtpd[11030]: private/anvil: wanted
> attribute: (list terminator)
> Sep 27 01:46:17 ns postfix/smtpd[11030]: input attribute name: (end)
> Sep 27 01:46:17 ns postfix/smtpd[11030]: disconnect from
> mail2.segurcaixaadeslas.es[195.77.158.25]
>
>
> I see the remote server dont use starttls is correct? can i configure
> my postfix for ignore this option for some remote servers? this only
> appears for this server and tomtom.com´ servers.Before, that did not
> happen to me at least with the tomtom server.
>
> How can I solve this problem without affecting the security of my
> postfix server?
>
fixed i configure postfix so that only ask for tls if the client
requests it before it was configured always request tls

--
*************************************************************************************************
Este mensaje y todos los archivos adjuntos son confidenciales y de uso exclusivo por parte
de su/sus destinatario/s. Si usted ha recibido este mensaje por error, le agradecemos que
lo notifique inmediatamente al remitente y destruya el mensaje. Queda prohibida cualquier
modificación, edición, uso o divulgación no autorizados. El Emisor no se hace responsable
de este mensaje si ha sido modificado, distorsionado, falsificado, infectado por un virus o
editado o difundido sin autorización.


***********************************************************************************************
This message and any attachments are confidential and intended for the named addressee(s) only.
If you have received this message in error, please notify immediately the sender, then delete
the message. Any unauthorized modification, edition, use or dissemination is prohibited.
The sender shall not be liable for this message if it has been modified, altered, falsified, infected
by a virus or even edited or disseminated without authorization.
***********************************************************************************************



smime.p7s (5K) Download Attachment