Saturday, 28 February 2015

postfix logs: SMTP sessions stopping after RCPT TO


I took a look at my postfix logs and I've noticed an odd occurrence lately: SMTP sessions that seem to end right after the RCPT TO, as such:



postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 220 [mydomain.com] ESMTP (Ubuntu)
postfix/smtpd[11333]: < unknown[XXX.XXX.238.86]: EHLO LMSPC.[otherdomain.com]
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250-[mydomain.com]
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250-PIPELINING
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250-SIZE 10240000
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250-ETRN
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250-STARTTLS
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250-ENHANCEDSTATUSCODES
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250-8BITMIME
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250 DSN
postfix/smtpd[11333]: < unknown[XXX.XXX.238.86]: MAIL From:<tobyami@LMSPC.[otherdomain.com]>
postfix/smtpd[11333]: > unknown[XXX.XXX.238.86]: 250 2.1.0 Ok
postfix/smtpd[11333]: < unknown[XXX.XXX.238.86]: RCPT To:<[myusername]@[mydomain.com]>


For comparison, this is what a "normal" session looks like in my logs:



postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 220 [mydomain.com] ESMTP (Ubuntu)
postfix/smtpd[31674]: < mail-wg0-f52.google.com[74.125.82.52]: EHLO mail-wg0-f52.google.com
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250-[mydomain.com]
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250-PIPELINING
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250-SIZE 10240000
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250-ETRN
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250-ENHANCEDSTATUSCODES
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250-8BITMIME
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250 DSN
postfix/smtpd[31674]: < mail-wg0-f52.google.com[74.125.82.52]: MAIL FROM:<[whatever]@gmail.com> SIZE=1774
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250 2.1.0 Ok
postfix/smtpd[31674]: < mail-wg0-f52.google.com[74.125.82.52]: RCPT TO:<[my username]@[mydomain.com]>
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250 2.1.5 Ok
postfix/smtpd[31674]: < mail-wg0-f52.google.com[74.125.82.52]: DATA
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 354 End data with <CR><LF>.<CR><LF>
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 250 2.0.0 Ok: queued as 6346912215C
postfix/smtpd[31674]: < mail-wg0-f52.google.com[74.125.82.52]: QUIT
postfix/smtpd[31674]: > mail-wg0-f52.google.com[74.125.82.52]: 221 2.0.0 Bye


It seems my server doesn't answer with an "Ok" once it gets a RCPT TO in the first case. Things just seem to...stop.


It doesn't bother me too much since I still get mails, and occurrences like the former example seem to all come from IPs either without a reverse DNS or from "weird" domains; as such, I'm assuming they must be spam attempts.


Still, I'm wondering what's happening here. I can't tell who's dropping the connection first, my server or the remote, nor can I tell why the connection would be dropped. If it's on my end, why is it dropped at this point, after the RCPT TO, and not before? If it's on the remote end, why drop it before sending anything, or even before letting my server respond?
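An added example, not part of the original post: a Python sketch that splits verbose smtpd log lines like the ones above into sessions and lists those whose last logged line is a client command with no server reply. The sample lines, addresses and domain names are constructed, and the function names are hypothetical; the script only locates such sessions and says nothing about which side closed the connection.

```python
import re

# Verbose smtpd line: "postfix/smtpd[PID]: > host[ip]: text"
# ">" is the server's reply, "<" is the client's command.
LINE_RE = re.compile(r"postfix/smtpd\[(\d+)\]: ([<>]) (\S+?)\[([^\]]*)\]: (.*)$")

def split_sessions(lines):
    """Group verbose smtpd lines into sessions, one per 220 greeting."""
    open_by_pid, sessions = {}, []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, direction, host, ip, text = m.groups()
        cur = open_by_pid.get(pid)
        last = cur["events"][-1] if cur else None
        after_starttls = bool(last) and last[0] == "<" and last[1].strip().upper() == "STARTTLS"
        # One smtpd PID serves many clients in turn, so a 220 greeting opens
        # a new session unless it is the reply to STARTTLS.
        greeting = direction == ">" and text.startswith("220 ") and not after_starttls
        if cur is None or greeting:
            cur = {"pid": pid, "host": host, "ip": ip, "events": []}
            open_by_pid[pid] = cur
            sessions.append(cur)
        cur["events"].append((direction, text))
    return sessions

def unanswered(sessions):
    """Sessions whose last logged line is a client command with no reply."""
    return [{"pid": s["pid"], "ip": s["ip"], "no_rdns": s["host"] == "unknown",
             "last_command": (s["events"][-1][1].split() or [""])[0].upper()}
            for s in sessions if s["events"][-1][0] == "<"]

# Constructed sample (documentation addresses and example domains).
SAMPLE_LOG = """\
postfix/smtpd[11333]: > unknown[192.0.2.86]: 220 mail.example.com ESMTP
postfix/smtpd[11333]: < unknown[192.0.2.86]: EHLO host.example.net
postfix/smtpd[11333]: > unknown[192.0.2.86]: 250 DSN
postfix/smtpd[11333]: < unknown[192.0.2.86]: MAIL From:<a@host.example.net>
postfix/smtpd[11333]: > unknown[192.0.2.86]: 250 2.1.0 Ok
postfix/smtpd[11333]: < unknown[192.0.2.86]: RCPT To:<user@example.com>
postfix/smtpd[11333]: > mx.example.org[198.51.100.7]: 220 mail.example.com ESMTP
postfix/smtpd[11333]: < mx.example.org[198.51.100.7]: EHLO mx.example.org
postfix/smtpd[11333]: > mx.example.org[198.51.100.7]: 250 DSN
postfix/smtpd[11333]: < mx.example.org[198.51.100.7]: QUIT
postfix/smtpd[11333]: > mx.example.org[198.51.100.7]: 221 2.0.0 Bye
""".splitlines()
```

Counting the results of `unanswered(split_sessions(...))` per `last_command` and per source address shows whether the cut-off always falls at the same SMTP verb and whether it correlates with missing reverse DNS.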


