Re: New Server and noticing these maillog postfix entries: What to do about them?




On 21.11.2021 at 19:54, Jay Hart wrote:
I just stood up a new server running C8 stream, postfix, SA, etc.

I keep seeing these log entries in maillog and wonder what to do about them. I have not been able to find any research documents detailing if
this is a problem nor how to prevent.  Any documentation I have seen via web searches talks about configuration issues with
spamass-milter.  This to me looks like hackers.  I get the same four lines over and over again from different IP addresses and the
pid/socket/id number (26579 in this instance) are always linked.  The number is different for each query/probe.

The issue has nothing to do with what you call "hackers". The cause is a misconfiguration on your side: take the error message literally. You have Postfix configured to make use of the spamass milter, every time another system connects to the smtp daemon.

Nov 21 11:56:57 dream postfix/smtpd[26579]: connect from unknown[141.98.10.140]
Nov 21 11:56:57 dream postfix/smtpd[26579]: warning: connect to Milter service unix:/run/spamass-milter/spamass-milter.sock: Permission denied
Nov 21 11:56:57 dream postfix/smtpd[26579]: discarding EHLO keywords: CHUNKING
Nov 21 11:56:57 dream postfix/smtpd[26579]: disconnect from unknown[141.98.10.140] ehlo=1 auth=0/1 quit=1 commands=2/3

What can I try to do to eliminate this?  Other than taking up resources I'm not seeing anything else in the logs to show a problem.
Should I be concerned?

Research has now shown that Redhat/Centos may have changed the default postfix setting.  I do see the following parameter set:
smtpd_discard_ehlo_keywords = chunking

You are totally on the wrong track.

Sounds like I need to add/set this as 'silent-discard' pseudo keyword to prevent this action from being logged.

Wrong.

Thanks in advance on your help and advice!

Run "postconf -n" and see where you have defined the spamass milter.
Check whether the spamass milter is really running and that the socket is available under /run/spamass-milter/spamass-milter.sock. Given it is because the milter runs and has created its socket under that path, check the permissions (unix permissions and SELinux context) of the socket and the full path.
Once the root cause is fixed your Postfix will work again as configured.

Jay

Alexander


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
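
The permission check suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell script that walks every component of the socket path and reports the first one whose Unix mode bits deny access. It assumes GNU `stat`, a hypothetical script name `check.sh`, and `postfix` as the account smtpd runs under; ACLs and SELinux policy are not evaluated, only displayed via `ls -Z`.

```shell
#!/bin/sh
# Added example: report the first path component whose Unix mode bits would
# stop USER from connecting to a milter socket. ACLs and SELinux are not checked.

# perm_digit MODE OWNER GROUP USER "GROUPS": print the octal digit (0-7) of
# MODE that applies to USER (owner class first, then group, then other).
perm_digit() {
    m="000$1"; m=${m#"${m%???}"}            # keep the last three octal digits
    if [ "$2" = "$4" ]; then echo "${m%??}"; return; fi
    case " $5 " in
        *" $3 "*) m=${m#?}; echo "${m%?}" ;;
        *)        echo "${m#??}" ;;
    esac
}

# first_blocker SOCKET USER "GROUPS" [START]: walk from START (default /) down
# to SOCKET. Directories need search (x); the socket itself needs write (w),
# which is what Linux requires to connect to a Unix socket.
# Prints the blocking component and returns 1, or returns 0 if none blocks.
first_blocker() {
    target=$1; user=$2; grps=$3; cur=${4:-/}
    rest=${target#"${cur%/}"/}              # components below START
    while :; do
        info=$(stat -c '%a %U %G' "$cur") || return 2
        set -- $info
        d=$(perm_digit "$1" "$2" "$3" "$user" "$grps")
        if [ "$cur" = "$target" ]; then need=2; else need=1; fi
        if [ $(( d & need )) -eq 0 ]; then echo "$cur"; return 1; fi
        [ "$cur" = "$target" ] && return 0
        [ -n "$rest" ] || return 2          # SOCKET is not below START
        cur=${cur%/}/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
}

# Usage (script name is hypothetical):
#   sh check.sh /run/spamass-milter/spamass-milter.sock postfix
if [ $# -ge 2 ]; then
    if blocker=$(first_blocker "$1" "$2" "$(id -Gn "$2")"); then
        echo "mode bits allow $2 to reach $1"
    else
        echo "access for $2 stops at: ${blocker:-<stat failed>}"
        ls -ldZ "${blocker:-$1}"            # owner, mode and SELinux context
    fi
fi
```

If the script reports that the mode bits allow access and Postfix still logs "Permission denied", the SELinux context of the socket and its parent directories is the remaining thing to check.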


