
Re: Odd postfix and firewall log entries

  • Mike.
    Message 1 of 3 , Oct 1, 2012
      On 10/1/2012 at 3:35 PM Viktor Dukhovni wrote:

      |On Mon, Oct 01, 2012 at 11:05:59AM -0400, Mike. wrote:
      |
      |> I recently started seeing these log entries in the Postfix log and the
      |> firewall log. The sequence happens once a day, sometimes twice. Each
      |> time it appears to be a different client IP address.
      |>
      |> In summary, I see an aborted connection attempt to Postfix, then a
      |> short while later I see Postfix trying some outbound connections (which
      |> are blocked and logged by the firewall).
      |
      |They are not outbound connections. These are most likely re-transmissions
      |of the Postfix 220 banner, which was never acked by the connecting client.
      |
      |The firewall tears down the connection before the TCP stack stops
      |retrying.
      |
      |> Sep 28 03:21:22 oneou postfix/smtpd[91250]: connect from unknown[39.xxx.56.235]
      |> Sep 28 03:26:22 oneou postfix/smtpd[91250]: timeout after CONNECT from unknown[39.xxx.56.235]
      |> Sep 28 03:26:22 oneou postfix/smtpd[91250]: disconnect from unknown[39.xxx.56.235]
      |> Sep 28 03:27:12 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 108
      |> Sep 28 03:28:16 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 108
      |> Sep 28 03:29:20 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 108
      |> Sep 28 03:30:24 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 108
      |> Sep 28 03:31:28 oneou pf: rule 1/0(match): block out on fxp0: 216.xxx.68.64.25 > 39.xxx.56.235.1525: tcp 20
      |
      |--
      | Viktor.

      =============

      Thanks very much for the quick answer. That makes sense.


      btw, regarding my comment that "I recently started seeing these log
      entries":

      I recently added an IPv6 tunnel to the server and I adjusted the
      firewall rules. One of the things I changed was the firewall now logs
      all blocked outbound connections. So this curiosity may have been
      occurring previously; I just did not see the firewall blocks because
      they were not logged.

      So all the symptoms fall into place now.

      Thanks again.

      Mike.
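
An added example, not part of the original thread: a small log triage script that separates pf "block out" entries sent from local port 25 to a client whose smtpd session just ended (the retransmission case described in the reply) from blocked connections towards a remote port 25. The sample lines are constructed on the model of the ones quoted above, using documentation addresses; the 10-minute correlation window and the label names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the log lines in the thread; the addresses are
# documentation ranges, not the redacted ones from the post.
SAMPLE = """\
Sep 28 03:21:22 oneou postfix/smtpd[91250]: connect from unknown[192.0.2.235]
Sep 28 03:26:22 oneou postfix/smtpd[91250]: timeout after CONNECT from unknown[192.0.2.235]
Sep 28 03:26:22 oneou postfix/smtpd[91250]: disconnect from unknown[192.0.2.235]
Sep 28 03:27:12 oneou pf: rule 1/0(match): block out on fxp0: 198.51.100.64.25 > 192.0.2.235.1525: tcp 108
Sep 28 03:31:28 oneou pf: rule 1/0(match): block out on fxp0: 198.51.100.64.25 > 192.0.2.235.1525: tcp 20
Sep 28 04:10:00 oneou pf: rule 1/0(match): block out on fxp0: 198.51.100.64.51234 > 203.0.113.9.25: tcp 60
"""

TS = r"(\w{3} +\d+ \d\d:\d\d:\d\d)"
SMTPD = re.compile(TS + r" \S+ postfix/smtpd\[\d+\]: (?:timeout after \w+ from|disconnect from) \S*\[([\d.]+)\]")
PF = re.compile(TS + r" \S+ pf: .*block out on \S+: ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): tcp")

def parse_ts(text, year=2012):
    # Syslog timestamps carry no year; 2012 is the year of the thread.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def classify(log, window=timedelta(minutes=10)):
    """Label each pf 'block out' line by whether a closed smtpd session explains it."""
    closed = {}    # client IP -> time its smtpd session last ended
    results = []
    for line in log.splitlines():
        if m := SMTPD.match(line):
            closed[m.group(2)] = parse_ts(m.group(1))
        elif m := PF.match(line):
            when, sport, dst, dport = parse_ts(m.group(1)), m.group(3), m.group(4), m.group(5)
            ended = closed.get(dst)
            if sport == "25" and ended and timedelta(0) <= when - ended <= window:
                label = "stale-session"   # segment from port 25 to a client whose session just ended
            elif dport == "25":
                label = "outbound-smtp"   # a new connection towards a remote port 25
            else:
                label = "unexplained"     # nothing in the mail log accounts for it
            results.append((dst, label))
    return results

if __name__ == "__main__":
    for dst, label in classify(SAMPLE):
        print(dst, label)
```

Entries labelled "unexplained" are the ones worth a closer look; the window should be tuned to how long the local TCP stack keeps retrying.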