> On 21.11.2021 at 19:54, Jay Hart wrote:
>> I just stood up a new server running C8 stream, postfix, SA, etc.
>>
>> I keep seeing these log entries in maillog and wonder what to do about them. I have not been able to find any research documents detailing if this is a problem nor how to prevent. Any documentation I have seen via web searches talks about configuration issues with spamass-milter. This to me looks like hackers. I get the same four lines over and over again from different IP addresses and the pid/socket/id number (26579 in this instance) are always linked. The number is different for each query/probe.
>
> The issue has nothing to do with what you call "hackers". The cause is a misconfiguration on your side: take the error message literally. You have Postfix configured to make use of the spamass milter, every time another system connects to the smtp daemon.
>
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: connect from unknown[141.98.10.140]
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: warning: connect to Milter service unix:/run/spamass-milter/spamass-milter.sock: Permission denied
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: discarding EHLO keywords: CHUNKING
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: disconnect from unknown[141.98.10.140] ehlo=1 auth=0/1 quit=1 commands=2/3
>>
>> What can I try to do to eliminate this? Other than taking up resources I'm not seeing anything else in the logs to show a problem.
>> Should I be concerned?
>>
>> Research has now shown that Redhat/Centos may have changed the default postfix setting. I do see the following parameter set:
>> smtpd_discard_ehlo_keywords = chunking
>
> You are totally on the wrong track.
>
>> Sounds like I need to add/set this as 'silent-discard' pseudo keyword to prevent this action from being logged.
>
> Wrong.
>
>> Thanks in advance on your help and advice!
>
> Run "postconf -n" and see where you have defined the spamass milter.
> Check whether the spamass milter is really running and that the socket is available under /run/spamass-milter/spamass-milter.sock. Given it is because the milter runs and has created its socket under that path, check the permissions (unix permissions and SELinux context) of the socket and the full path.
> Once the root cause is fixed your Postfix will work again as configured.
>

[root@dream spamassassin]# postconf -n |grep milter
milter_default_action = accept
milter_protocol = 6
non_smtpd_milters = $smtpd_milters
smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock

[root@dream spamassassin]# ls -al /var/run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock

Two things:

1. should the 'smtpd_milters' path be /var/run... vice unix:/run...

2. I just noticed I have two spamass-milter sockets running:

[root@dream spamass-milter]# ls -al /var/run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock

[root@dream spamass-milter]# ls -al /run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /run/spamass-milter/spamass-milter.sock

[root@dream share]# ss -l |grep spam
u_str LISTEN 0 128 /run/spamass-milter/spamass-milter.sock 185043

[root@dream share]# ss -pl |grep spam
u_str LISTEN 0 128 /run/spamass-milter/spamass-milter.sock 185043 * 0 users:(("spamass-milter",pid=16657,fd=4))
u_dgr UNCONN 0 0 * 198745 * 14567 users:(("spamd child",pid=17925,fd=4),("spamd child",pid=17924,fd=4),("spamd",pid=17891,fd=4))
u_dgr UNCONN 0 0 * 185042 * 14567 users:(("spamass-milter",pid=16657,fd=3))
tcp LISTEN 0 128 127.0.0.1:783 0.0.0.0:* users:(("spamd child",pid=17925,fd=6),("spamd child",pid=17924,fd=6),("spamd",pid=17891,fd=6))
tcp LISTEN 0 128 [::1]:783 [::]:* users:(("spamd child",pid=17925,fd=5),("spamd child",pid=17924,fd=5),("spamd",pid=17891,fd=5))

Been hunting around in the configs trying to determine why I got two processes running... Still looking into this.

Thanks,

Jay

>> Jay
>
> Alexander
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
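
The Unix-permission half of the check suggested in the thread ("the socket and the full path"), as an added example that is not part of the original messages: on Linux, connecting to a Unix socket needs write permission on the socket and search permission on every directory leading to it. The function name `socket_blockers`, its parameters, and the assumption that smtpd runs as the `postfix` account are choices made for this example; SELinux contexts and ACLs are not evaluated.

```python
import os
import stat as st


def _allowed(info, uid, gids, want):
    """Owner/group/other check for the permission bits in `want` (0o2 = w, 0o1 = x)."""
    if uid == 0:                      # root bypasses discretionary permission bits
        return True
    if info.st_uid == uid:
        shift = 6                     # owner triplet
    elif info.st_gid in gids:
        shift = 3                     # group triplet
    else:
        shift = 0                     # "other" triplet
    return (info.st_mode >> shift) & want == want


def socket_blockers(path, uid, gids, stat_fn=os.stat):
    """Return [(component, reason), ...] that would stop uid/gids connecting to `path`.

    stat_fn is injectable so the logic can be exercised without a live socket.
    """
    blockers = []
    current = ""
    for name in path.strip("/").split("/")[:-1]:
        current += "/" + name
        if not _allowed(stat_fn(current), uid, gids, 0o1):
            blockers.append((current, "no search (x) permission on directory"))
    info = stat_fn(path)
    if not st.S_ISSOCK(info.st_mode):
        blockers.append((path, "not a socket"))
    elif not _allowed(info, uid, gids, 0o2):
        blockers.append((path, "no write (w) permission on socket"))
    return blockers


if __name__ == "__main__":
    import pwd
    # Assumption: the Postfix smtpd process runs as the "postfix" account.
    pw = pwd.getpwnam("postfix")
    groups = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    sock = "/run/spamass-milter/spamass-milter.sock"   # path from the thread
    for component, reason in socket_blockers(sock, pw.pw_uid, groups) or [(sock, "ok")]:
        print(component, "->", reason)
```

An empty result only clears the permission bits; the SELinux context still has to be checked separately, for example with `ls -Z`.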