looking for a little documentation please

looking for a little documentation please

angelo

Hi, I read this

http://www.postfix.org/OVERVIEW.html

which got me to this

http://www.postfix.org/smtpd.8.html

Then I got lost...

I am trying to diagnose the details of what smtpd does when a client tries to connect to my postfix server, based on these 2 lines

Nov 21 09:00:15 mail5 postfix/smtpd[31265]: lost connection after CONNECT from unknown[unknown]
Nov 21 09:00:15 mail5 postfix/smtpd[31265]: disconnect from unknown[unknown]

that PID 31265 was running along happily processing mail from one IP over port 25 cuz that IP is in the mynetworks setting. Then those 2 lines and that pid is not seen again.

Is the 1st line reporting the result of the HELO/EHLO command ?

thanks for any hints.

-ANGELO FAZZINA

[hidden email]
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075


Re: looking for a little documentation please

Jaroslaw Rafa
On 21.11.2019 at 15:54:04, Fazzina, Angelo wrote:
>
> Nov 21 09:00:15 mail5 postfix/smtpd[31265]: lost connection after CONNECT from unknown[unknown]
> Nov 21 09:00:15 mail5 postfix/smtpd[31265]: disconnect from unknown[unknown]

CONNECT indicates that something tried to connect to your SMTP server as if
it were an HTTP proxy. I see a lot of such stupid attempts in my logs,
because I run submission on a non-standard port.

What is strange is that "unknown[unknown]" part - looks like Postfix wasn't
even able to determine the IP address of the connecting client???
--
Regards,
   Jaroslaw Rafa
   [hidden email]
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: looking for a little documentation please

Viktor Dukhovni
In reply to this post by angelo
> On Nov 21, 2019, at 10:54 AM, Fazzina, Angelo <[hidden email]> wrote:
>
> Nov 21 09:00:15 mail5 postfix/smtpd[31265]: lost connection after CONNECT from unknown[unknown]
> Nov 21 09:00:15 mail5 postfix/smtpd[31265]: disconnect from unknown[unknown]

The connection was lost right after it was established, before
the client sent any SMTP commands, and indeed the client had
already reset the connection by the time smtpd(8) accepted it,
so that even the client's IP address was no longer available.

> that PID 31265 was running along happily processing mail from one IP over port 25 cuz
> that IP is in the mynetworks setting. Then those 2 lines and that pid is not seen again.

The previous connection is unrelated.

> Is the 1st line reporting the result of the HELO/EHLO command ?

No.

--
        Viktor.

RE: looking for a little documentation please

angelo
Thank you for clearing that up.
Since this client I have is having trouble and I am trying to determine if the client's IP is the one generating these log entries, do you think these two settings will give me more info in the logs for smtpd related data ?

  debug_peer_level (x)
and
  debug_peer_list (y)

thank you.

-ANGELO FAZZINA

[hidden email]
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075



Re: looking for a little documentation please

Noel Jones-2
On 11/21/2019 10:18 AM, Fazzina, Angelo wrote:
> Thank you for clearing that up.
> Since this client I have is having trouble and I am trying to determine if the client's IP is the one generating these log entries, do you think these two settings will give me more info in the logs for smtpd related data ?
>
>    debug_peer_level (x)
> and
>    debug_peer_list (y)


For the unknown[unknown] connections, postfix doesn't know the peer,
so the above won't give any additional information.

You might be able to use a packet sniffer such as tcpdump or
wireshark to see the connecting IP before it drops.


   -- Noel Jones

RE: looking for a little documentation please

angelo
Thank you, I need to learn to Google better, my bad.

https://groups.google.com/forum/#!topic/mailing.postfix.users/mpeVD0d56zM

Wietse seems to have answered this question in the past.

I am going to just do more simultaneous testing with the client like you said and sniff the wire.

Thanks everyone.

-ANGELO FAZZINA

[hidden email]
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075



Re: looking for a little documentation please

Viktor Dukhovni
In reply to this post by angelo


> On Nov 21, 2019, at 11:18 AM, Fazzina, Angelo <[hidden email]> wrote:
>
> Thank you for clearing that up.
> Since this client I have is having trouble and I am trying to determine if the client's IP is the one generating these log entries, do you think these two settings will give me more info in the logs for smtpd related data ?

No, because, as I already explained, by the time smtpd(8) accepts the
connection it is already reset.  There's nothing to log.  You need to
use tcpdump or tshark to record PCAP files of traffic with this client
and peer deeply into those.

--
        Viktor.
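
The capture-and-compare approach recommended in the replies above, as an added example that is not code from any poster or from Postfix: it pairs each "lost connection after CONNECT from unknown[unknown]" log line with client IPs that sent a SYN and then an RST to port 25 within a couple of seconds. The log excerpt beyond the two quoted lines, the tcpdump text output, all addresses (documentation ranges), the interface name eth0, the year argument and the 2-second slack are assumptions.

```python
import re
from datetime import datetime

# Constructed sample input; all addresses are documentation ranges.
MAILLOG = """\
Nov 21 09:00:14 mail5 postfix/smtpd[31265]: disconnect from relay.example[192.0.2.10]
Nov 21 09:00:15 mail5 postfix/smtpd[31265]: lost connection after CONNECT from unknown[unknown]
Nov 21 09:00:15 mail5 postfix/smtpd[31265]: disconnect from unknown[unknown]
"""
# Constructed text output of (IPv4 only, interface name assumed):
#   tcpdump -nn -tttt -i eth0 'tcp dst port 25 and tcp[tcpflags] & (tcp-syn|tcp-rst) != 0'
CAPTURE = """\
2019-11-21 09:00:13.901100 IP 192.0.2.10.40112 > 198.51.100.5.25: Flags [S], seq 1001, win 64240, length 0
2019-11-21 09:00:15.200310 IP 203.0.113.77.51522 > 198.51.100.5.25: Flags [S], seq 2001, win 1024, length 0
2019-11-21 09:00:15.201950 IP 203.0.113.77.51522 > 198.51.100.5.25: Flags [R], seq 2002, win 0, length 0
"""
LOG_RE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
                    r"lost connection after CONNECT from unknown\[unknown\]")
PKT_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ .*?IP "
                    r"(\d+(?:\.\d+){3})\.(\d+) > \S+: Flags \[([^\]]+)\]")

def reset_events(maillog, year):
    """Times of 'lost connection after CONNECT from unknown[unknown]' lines.
    Syslog stamps carry no year, so the caller supplies it."""
    return [datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            for m in map(LOG_RE.match, maillog.splitlines()) if m]

def client_resets(capture):
    """(time, ip, port) for every client RST that follows a SYN on the same flow."""
    syn_seen, resets = set(), []
    for m in filter(None, map(PKT_RE.match, capture.splitlines())):
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        flow, flags = (m.group(2), int(m.group(3))), m.group(4)
        if "S" in flags:
            syn_seen.add(flow)
        elif "R" in flags and flow in syn_seen:
            resets.append((when, *flow))
    return resets

def candidates(maillog, capture, year, slack=2):
    """Map each log event to client IPs that reset a connection within slack seconds."""
    resets = client_resets(capture)
    return {ev: sorted({ip for when, ip, _ in resets
                        if abs((when - ev).total_seconds()) <= slack})
            for ev in reset_events(maillog, year)}

if __name__ == "__main__":
    for ev, ips in candidates(MAILLOG, CAPTURE, 2019).items():
        print(ev, ips or "no matching reset in capture")
```

An empty list for an event means the capture holds no SYN-then-RST flow near that second, so the capture window or interface should be checked before drawing conclusions about the client.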