
lost connection after EHLO from unknown


santosh malavade

Jan 19, 2012, 10:44:06 PM
Hi,

This pertains to the issue raised by our unit in Barbados, having IP address 173.225.251.221. I have included the said IP in debug_peer_list.

We are getting a lot of messages in the mail log showing the following:

Jan 20 00:15:21 mailgate postfix/smtpd[18917]: lost connection after EHLO from unknown[173.225.251.221]
Jan 20 00:26:21 mailgate postfix/smtpd[18917]: lost connection after CONNECT from unknown[173.225.251.221]
Jan 20 03:17:53 mailgate postfix/smtpd[20255]: lost connection after CONNECT from unknown[202.43.9.67]


My mail server configuration is given below:


mailgate:~ # postconf -n
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
debug_peer_list = 173.225.251.221
disable_dns_lookups = no
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_exceptions = root
message_size_limit = 8703181
mydestination = $myhostname, localhost.$mydomain
myhostname = mailgate.asianpaints.com
mynetworks = 127.0.0.1/8 , 192.168.40.0/24 ,172.25.10.94/32
newaliases_path = /usr/sbin/sendmail
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access, check_recipient_access hash:/etc/postfix/sender_access reject
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
virtual_maps = hash:/etc/postfix/virtual


The output of master.cf:

mailgate:~ # cat /etc/postfix/master.cf | grep ^[^#]
smtp      inet  n       -       n       -       100     smtpd
587       inet  n       -       n       -       -       smtpd -v
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
smtp      unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan     unix  -       n       n       -       10       pipe
  user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
127.0.0.1:10025     inet  n      n      n      -      10     spawn
   user=filter   argv=/opt/kav/bin/smtpscanner
127.0.0.1:10026     inet  n      -      n      -      10      smtpd
    -o content_filter= -o myhostname=mailgate


I have a few days back increased the smtpd process count to 100, which was specified as 50.

How do I go about resolving it?


rgds,


Santosh Malavade




Noel Jones

Jan 19, 2012, 11:18:33 PM
On 1/19/2012 9:44 PM, santosh malavade wrote:
> hi,
>
> this pertains to the issue raised by our unit in barbados, having ip
> address 173.225.251.221, i have included the said ip in debug_peer_list
>
> we are getting lot of messages in the mail log showing the following
>
> Jan 20 00:15:21 mailgate postfix/smtpd[18917]: lost connection after
> EHLO from unknown[173.225.251.221]
> Jan 20 00:26:21 mailgate postfix/smtpd[18917]: lost connection after
> CONNECT from unknown[173.225.251.221]
> Jan 20 03:17:53 mailgate postfix/smtpd[20255]: lost connection after
> CONNECT from unknown[202.43.9.67]
>

"lost connection" means the tcp connection failed. Don't bother
with the debug_peer_list; it's unlikely to help with this.

You can try capturing a tcpdump of the session. Most likely it will
show the connection was lost and not much else.
http://www.postfix.org/DEBUG_README.html#sniffer

It might be more interesting to get a tcp recording on the other
end, if that's possible.

Does your offshore unit have an otherwise stable internet connection?
Is this a wired connection or some kind of wireless or satellite?


-- Noel Jones

/dev/rob0

Jan 20, 2012, 8:44:48 AM
On Thu, Jan 19, 2012 at 10:18:33PM -0600, Noel Jones wrote:
> On 1/19/2012 9:44 PM, santosh malavade wrote:
> > this pertains to the issue raised by our unit in barbados,
> > having ip address 173.225.251.221, i have included the said
> > ip in debug_peer_list
> >
> > we are getting lot of messages in the mail log showing the
> > following
> >
> > Jan 20 00:15:21 mailgate postfix/smtpd[18917]: lost
> > connection after EHLO from unknown[173.225.251.221]
> > Jan 20 00:26:21 mailgate postfix/smtpd[18917]: lost
> > connection after CONNECT from unknown[173.225.251.221]
> > Jan 20 03:17:53 mailgate postfix/smtpd[20255]: lost
> > connection after CONNECT from unknown[202.43.9.67]
>
> "lost connection" means the tcp connection failed.

Or, in the case of the "after EHLO", it was dropped. It's possible
that the client saw something unsuitable in the EHLO response and
dropped the connection, knowing mail could not be delivered.

In that case, check the client's logs. It does not tell the server
its reasoning in making such a decision.

If, as per the snippet, more of the disconnects are "after CONNECT"
and not "after EHLO", Noel's theory sounds more likely. But it is a
good idea to look into the client's side of the story, too.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
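
An added example, not part of the original thread: one way to count smtpd disconnects per client and per SMTP stage, which is the "after CONNECT" versus "after EHLO" comparison made in the last reply. The sample input is the three log lines quoted in the thread; the function names tally and report are hypothetical.

```python
import re
from collections import Counter, defaultdict

# The three log lines quoted in the thread.
SAMPLE_LOG = """\
Jan 20 00:15:21 mailgate postfix/smtpd[18917]: lost connection after EHLO from unknown[173.225.251.221]
Jan 20 00:26:21 mailgate postfix/smtpd[18917]: lost connection after CONNECT from unknown[173.225.251.221]
Jan 20 03:17:53 mailgate postfix/smtpd[20255]: lost connection after CONNECT from unknown[202.43.9.67]
"""

# Stage is the word after "after"; an optional parenthesised detail
# (for example a byte count) may sit between the stage and "from".
LOST = re.compile(
    r"postfix/smtpd\[\d+\]: lost connection after (?P<stage>\w+)"
    r"(?: \([^)]*\))? from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]"
)


def tally(lines):
    """Return {client_ip: Counter({stage: count})} for smtpd disconnects."""
    per_client = defaultdict(Counter)
    for line in lines:
        m = LOST.search(line)
        if m:  # every other kind of log line is ignored
            per_client[m["ip"]][m["stage"]] += 1
    return dict(per_client)


def report(per_client):
    """One row per client: (ip, total, after_connect, after_later_stage)."""
    rows = []
    for ip, stages in per_client.items():
        total = sum(stages.values())
        at_connect = stages.get("CONNECT", 0)
        rows.append((ip, total, at_connect, total - at_connect))
    # Busiest clients first; ties broken by address for stable output.
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for ip, total, at_connect, later in report(tally(SAMPLE_LOG.splitlines())):
        print(f"{ip:<18} total={total} after_CONNECT={at_connect} later_stage={later}")
```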
