[clug] Postfix, a lot of connection attempts

Paul Warren pwarren at pwarren.id.au
Sun Dec 2 18:54:24 MST 2012


On 3/12/12 10:46 AM, Daniel Black wrote:
> On 03/12/12 10:32, Paul Warren wrote:
>> Hi guys,
>>
>> Got some log lines in my postfix log that I don't know enough about to
>> say if it's a config problem, or I'm getting spammed. Google hasn't been
>> terribly helpful either!
>>
>> Every second since about 8am this morning, I've had the following appear:
>>
>> Dec  3 10:12:10 pwarren postfix/smtpd[10164]: connect from
>> e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:10 pwarren postfix/smtpd[10164]: lost connection after
>> UNKNOWN from e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:10 pwarren postfix/smtpd[10164]: disconnect from
>> e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:11 pwarren postfix/smtpd[10164]: connect from
>> e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:11 pwarren postfix/smtpd[10164]: lost connection after
>> UNKNOWN from e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:11 pwarren postfix/smtpd[10164]: disconnect from
>> e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:12 pwarren postfix/smtpd[10164]: connect from
>> e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:12 pwarren postfix/smtpd[10164]: lost connection after
>> UNKNOWN from e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:12 pwarren postfix/smtpd[10164]: disconnect from
>> e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:13 pwarren postfix/smtpd[10164]: connect from
>> e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:13 pwarren postfix/smtpd[10164]: lost connection after
>> UNKNOWN from e297.enterprise.fastwebserver.de[5.199.132.42]
>> Dec  3 10:12:13 pwarren postfix/smtpd[10164]: disconnect from
>> e297.enterprise.fastwebserver.de[5.199.132.42]
>>
>>
>> The most recent change was early last week when I added spamassassin
>> processing into the queue.
>>
>> It's not affecting services so far, I'm still getting emails coming in,
>> but it's making my logs annoyingly large!
>>
>> The IP and hostname don't seem to be in any blacklists.
>>
>> Is it most likely a problem at their end or mine?
> most likely their end. iptables block them if you want to keep the logs
> sane. They'll work it out eventually maybe.
>
> joys of running a mailserver.
>
> Don't spend too much time on it.
>
Okey doke that's what I thought, Thanks!

Blocked them using my recently acquired Cisco foo on the router for now,
will give them a week to see if anything's happened.

I'm only running my personal mail server for now, but that'll change 
early next year as I get given control of all the mail servers at work, 
a bit scary, but I'll survive! Currently I'm setting up an internal mail 
server so that our monitoring/alarm emails don't have to go out the 
internet before landing in our Exchange (not managed by me!) server.

--
Paul Warren
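
Added example, not part of the original messages: a small Python check that tallies "lost connection after <stage>" events per client from Postfix smtpd log text and flags clients that exceed a rate threshold, which is the triage step before deciding on a firewall block as discussed above. The function names, the threshold and window values, the year argument, and the sample log (including mail.example.org / 192.0.2.10) are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: one event per line, in the format quoted in the thread.
# mail.example.org / 192.0.2.10 and the EHLO line are made up for contrast.
P = "pwarren postfix/smtpd[10164]:"
BAD = "e297.enterprise.fastwebserver.de[5.199.132.42]"
OK = "mail.example.org[192.0.2.10]"
SAMPLE_LOG = "\n".join(
    [f"Dec  3 10:12:10 {P} connect from {BAD}"]
    + [f"Dec  3 10:12:1{s} {P} lost connection after UNKNOWN from {BAD}" for s in range(4)]
    + [f"Dec  3 10:12:14 {P} connect from {OK}",
       f"Dec  3 10:12:15 {P} lost connection after EHLO from {OK}",
       f"Dec  3 10:12:15 {P} disconnect from {OK}"])

LOST = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ "
    r"postfix/smtpd\[\d+\]: lost connection after (?P<stage>\S+)"
    r"(?: \([^)]*\))? from \S+?\[(?P<ip>[^\]]+)\]")

def lost_connections(log_text, year):
    """Yield (timestamp, ip, stage) for each 'lost connection' line."""
    for line in log_text.splitlines():
        m = LOST.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            stamp = f"{year} {m['mon']} {m['day']} {m['time']}"
            yield datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m["ip"], m["stage"]

def noisy_clients(log_text, threshold=3, window_seconds=60, year=2012):
    """Return {ip: {"peak": n, "stages": {...}}} for clients whose dropped
    connections reach `threshold` within any `window_seconds` span."""
    events = defaultdict(list)
    for ts, ip, stage in lost_connections(log_text, year):
        events[ip].append((ts, stage))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        times = [t for t, _ in evs]
        start = peak = 0
        for end, t in enumerate(times):  # sliding window over sorted times
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"peak": peak, "stages": dict(Counter(s for _, s in evs))}
    return flagged

if __name__ == "__main__":
    print(noisy_clients(SAMPLE_LOG))
```
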


