smtpd ... SSL_accept error from ... lost connection


Dominic Raferd
In general my postfix mail server is working well, it is receiving
emails with optional STARTTLS. But I am occasionally seeing an error
message like this in the log:

2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
unknown[14.215.156.100]: lost connection

The connection giving rise to the error is never from one of our
machines/users. Should I be worried about it? Does it indicate some
bad configuration on my side?

Dominic

Re: smtpd ... SSL_accept error from ... lost connection

John Fawcett
On 12/11/2016 09:25 AM, Dominic Raferd wrote:

> In general my postfix mail server is working well, it is receiving
> emails with optional STARTTLS. But I am occasionally seeing an error
> message like this in the log:
>
> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
> unknown[14.215.156.100]: lost connection
>
> The connection giving rise to the error is never from one of our
> machines/users. Should I be worried about it? Does it indicate some
> bad configuration on my side?
>
> Dominic

Dominic

It would help if you posted your configuration.
I suspect that you have the smtps service configured in master.cf. If
anyone is using it, it should be only your own users, so errors from
unrecognised IPs will not be a problem and are probably not for any
legitimate reason. If you don't need the smtps service, you should
consider commenting it out completely in master.cf.
John


Re: smtpd ... SSL_accept error from ... lost connection

Dominic Raferd
On 11 December 2016 at 08:43, John Fawcett <[hidden email]> wrote:

> On 12/11/2016 09:25 AM, Dominic Raferd wrote:
>> In general my postfix mail server is working well, it is receiving
>> emails with optional STARTTLS. But I am occasionally seeing an error
>> message like this in the log:
>>
>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
>> unknown[14.215.156.100]: lost connection
>>
>> The connection giving rise to the error is never from one of our
>> machines/users. Should I be worried about it? Does it indicate some
>> bad configuration on my side?
>>
>> Dominic
>
> Dominic
>
> it would help if you posted your configuration.
> I suspect that you have the smtps service configured in master.cf. If
> anyone is using it, it should be only your own users, so errors from
> unrecognised ips will not be a problem and are probably not for any
> legitimate reason. If you don't need the smtps service, you should
> consider commenting it out completely in master.cf.
> John
>

Thanks John for your quick reply. I don't have any smtps configured in
master.cf, I only have smtp port (25) open and I allow opportunistic
TLS (which I require before authentication [for which I use dovecot])
i.e. STARTTLS. So any senders can use TLS if they want. I guess that I
should just ignore these errors from unknown IPs as they don't
indicate a security problem on my side?

Re: smtpd ... SSL_accept error from ... lost connection

John Fawcett
In reply to this post by John Fawcett
On 12/11/2016 09:43 AM, John Fawcett wrote:

> On 12/11/2016 09:25 AM, Dominic Raferd wrote:
>> In general my postfix mail server is working well, it is receiving
>> emails with optional STARTTLS. But I am occasionally seeing an error
>> message like this in the log:
>>
>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
>> unknown[14.215.156.100]: lost connection
>>
>> The connection giving rise to the error is never from one of our
>> machines/users. Should I be worried about it? Does it indicate some
>> bad configuration on my side?
>>
>> Dominic
> Dominic
>
> it would help if you posted your configuration.
> I suspect that you have the smtps service configured in master.cf. If
> anyone is using it, it should be only your own users, so errors from
> unrecognised ips will not be a problem and are probably not for any
> legitimate reason. If you don't need the smtps service, you should
> consider commenting it out completely in master.cf.
> John
>
I just did a quick check. I see these errors on STARTTLS in both
smtpd and submission, so maybe they are not linked to smtps.
Nevertheless they can probably be ignored, since if they are
not your own users, the only other legitimate sources would be
email servers transmitting email for your users and those are
very unlikely to be "unknown" as in (unknown[14.215.156.100]:)
which means they don't have proper reverse DNS set up.

John


Re: smtpd ... SSL_accept error from ... lost connection

John Fawcett
In reply to this post by Dominic Raferd
On 12/11/2016 10:00 AM, Dominic Raferd wrote:

> On 11 December 2016 at 08:43, John Fawcett <[hidden email]> wrote:
>> On 12/11/2016 09:25 AM, Dominic Raferd wrote:
>>> In general my postfix mail server is working well, it is receiving
>>> emails with optional STARTTLS. But I am occasionally seeing an error
>>> message like this in the log:
>>>
>>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
>>> unknown[14.215.156.100]: lost connection
>>>
>>> The connection giving rise to the error is never from one of our
>>> machines/users. Should I be worried about it? Does it indicate some
>>> bad configuration on my side?
>>>
>>> Dominic
>> Dominic
>>
>> it would help if you posted your configuration.
>> I suspect that you have the smtps service configured in master.cf. If
>> anyone is using it, it should be only your own users, so errors from
>> unrecognised ips will not be a problem and are probably not for any
>> legitimate reason. If you don't need the smtps service, you should
>> consider commenting it out completely in master.cf.
>> John
>>
> Thanks John for your quick reply. I don't have any smtps configured in
> master.cf, I only have smtp port (25) open and I allow opportunistic
> TLS (which I require before authentication [for which I use dovecot])
> i.e. STARTTLS. So any senders can use TLS if they want. I guess that I
> should just ignore these errors from unknown ips as they don't
> indicate a security problem on my side?

If you are able to receive encrypted email in general then I would
ignore them unless there is any other sign of a problem
(like users saying they cannot connect or people saying they are
not receiving email).

John


Re: smtpd ... SSL_accept error from ... lost connection

Dominic Raferd
On 11 December 2016 at 09:12, John Fawcett <[hidden email]> wrote:

> On 12/11/2016 10:00 AM, Dominic Raferd wrote:
>> On 11 December 2016 at 08:43, John Fawcett <[hidden email]> wrote:
>>> On 12/11/2016 09:25 AM, Dominic Raferd wrote:
>>>> In general my postfix mail server is working well, it is receiving
>>>> emails with optional STARTTLS. But I am occasionally seeing an error
>>>> message like this in the log:
>>>>
>>>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
>>>> unknown[14.215.156.100]: lost connection
>>>>
>>>> The connection giving rise to the error is never from one of our
>>>> machines/users. Should I be worried about it? Does it indicate some
>>>> bad configuration on my side?
>>>>
>>>> Dominic
>>> Dominic
>>>
>>> it would help if you posted your configuration.
>>> I suspect that you have the smtps service configured in master.cf. If
>>> anyone is using it, it should be only your own users, so errors from
>>> unrecognised ips will not be a problem and are probably not for any
>>> legitimate reason. If you don't need the smtps service, you should
>>> consider commenting it out completely in master.cf.
>>> John
>>>
>> Thanks John for your quick reply. I don't have any smtps configured in
>> master.cf, I only have smtp port (25) open and I allow opportunistic
>> TLS (which I require before authentication [for which I use dovecot])
>> i.e. STARTTLS. So any senders can use TLS if they want. I guess that I
>> should just ignore these errors from unknown ips as they don't
>> indicate a security problem on my side?
>
> If you are able to receive encrypted email in general then I would
> ignore them unless there is any other sign of a problem
> (like users saying they cannot connect or people saying they are
> not receiving email).
>
> John
>

Thanks John, I have now filtered my error-message-checking cron job so
that when these are 'from unknown' they will be ignored and I can stop
worrying about them.
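
A log filter along the lines described in the message above, as an added example that is not part of the original thread and not Dominic's actual cron job. It suppresses only `SSL_accept error ... lost connection` lines from `unknown[...]` clients, keeps a per-IP count of what it suppressed, and still reports TLS accept errors from clients that have reverse DNS or that fail for another reason. The function name `triage` is an assumption, and every sample line except the first (quoted in the thread) is constructed.

```python
import re
from collections import Counter

# Sample input: line 1 is the entry quoted in the thread; the rest are
# constructed for illustration (documentation-range addresses).
SAMPLE_LOG = """\
2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from unknown[14.215.156.100]: lost connection
2016-12-11 02:10:44 dl1 postfix/smtpd[14002]: SSL_accept error from mail.example.net[192.0.2.25]: lost connection
2016-12-11 03:05:01 dl1 postfix/smtpd[14100]: SSL_accept error from unknown[198.51.100.7]: -1
2016-12-11 03:06:12 dl1 postfix/smtpd[14111]: connect from unknown[14.215.156.100]
2016-12-11 04:00:00 dl1 postfix/submission/smtpd[14200]: SSL_accept error from unknown[14.215.156.100]: lost connection
"""

# Matches smtpd on port 25 and smtpd run under another service name
# such as postfix/submission/smtpd.
PATTERN = re.compile(
    r"postfix/(?:[\w-]+/)?smtpd\[\d+\]: "
    r"SSL_accept error from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<reason>.*)$"
)


def triage(log_text):
    """Split SSL_accept errors into lines to report and suppressed per-IP counts."""
    report, suppressed = [], Counter()
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m is None:
            continue  # not an SSL_accept error line
        # Suppress only the exact case discussed in the thread: a client
        # without reverse DNS that dropped the connection mid-handshake.
        if m["host"] == "unknown" and m["reason"] == "lost connection":
            suppressed[m["ip"]] += 1
        else:
            report.append(line)
    return report, suppressed


if __name__ == "__main__":
    report, suppressed = triage(SAMPLE_LOG)
    print("Needs a look:")
    for line in report:
        print("  " + line)
    print("Suppressed (unknown host, lost connection):")
    for ip, count in suppressed.most_common():
        print(f"  {ip}: {count}")
```

Keeping the suppressed counts rather than discarding the lines means a sudden rise from one address is still visible in the cron output.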

Re: smtpd ... SSL_accept error from ... lost connection

Viktor Dukhovni
In reply to this post by Dominic Raferd

> On Dec 11, 2016, at 3:25 AM, Dominic Raferd <[hidden email]> wrote:
>
> In general my postfix mail server is working well, it is receiving
> emails with optional STARTTLS. But I am occasionally seeing an error
> message like this in the log:
>
> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from
> unknown[14.215.156.100]: lost connection
>
> The connection giving rise to the error is never from one of our
> machines/users. Should I be worried about it? Does it indicate some
> bad configuration on my side?

No PTR record, SOA in China.  Unless you have delayed correspondence
from that province:

   215.14.in-addr.arpa.    39413   IN      SOA     soa. dns.guangzhou.gd.cn

on the Internet stuff happens.  Nothing to see, move along...

--
        Viktor.