[clug] Postfix, a lot of connection attempts
Daniel Black
daniel.subs at internode.on.net
Sun Dec 2 16:46:12 MST 2012
On 03/12/12 10:32, Paul Warren wrote:
> Hi guys,
>
> Got some log lines in my postfix log that I don't know enough about to
> say if it's a config problem, or I'm getting spammed. Google hasn't been
> terribly helpful either!
>
> Every second since about 8am this morning, I've had the following appear:
>
> Dec 3 10:12:10 pwarren postfix/smtpd[10164]: connect from
> e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:10 pwarren postfix/smtpd[10164]: lost connection after
> UNKNOWN from e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:10 pwarren postfix/smtpd[10164]: disconnect from
> e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:11 pwarren postfix/smtpd[10164]: connect from
> e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:11 pwarren postfix/smtpd[10164]: lost connection after
> UNKNOWN from e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:11 pwarren postfix/smtpd[10164]: disconnect from
> e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:12 pwarren postfix/smtpd[10164]: connect from
> e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:12 pwarren postfix/smtpd[10164]: lost connection after
> UNKNOWN from e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:12 pwarren postfix/smtpd[10164]: disconnect from
> e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:13 pwarren postfix/smtpd[10164]: connect from
> e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:13 pwarren postfix/smtpd[10164]: lost connection after
> UNKNOWN from e297.enterprise.fastwebserver.de[5.199.132.42]
> Dec 3 10:12:13 pwarren postfix/smtpd[10164]: disconnect from
> e297.enterprise.fastwebserver.de[5.199.132.42]
>
>
> The most recent change was early last week when I added spamassassin
> processing into the queue.
>
> It's not affecting services so far, I'm still getting emails coming in,
> but it's making my logs annoying large!
>
> The IP and hostname don't seem to be in any blacklists.
>
> Is it most likely a problem at their end or mine?
most likely their end. iptables block them if you want to keep the logs
sane. They'll work it out eventually maybe.
joys of running a mailserver.
Don't spend too much time on it.
More information about the linux
mailing list