Topic: Postscreen spam reconnecting to smtpd
==== Required information ====
- iRedMail version (check /etc/iredmail-release): v0.9.6
- Linux/BSD distribution name and version: Debian Jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache2
- Manage mail accounts with iRedAdmin-Pro? No postfixadmin
- Related log if you're reporting an issue: Check below
====
The following log is getting spammed continuously:
Mar 25 22:18:28 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39116 to [10.x.x.2]:25
Mar 25 22:18:28 mailserver postfix/postscreen[2297]: PASS OLD [10.x.x.2]:39116
Mar 25 22:18:28 mailserver postfix/smtpd[3590]: warning: hostname mailserver.example.com does not resolve to address 10.x.x.2
Mar 25 22:18:28 mailserver postfix/smtpd[3590]: connect from unknown[10.x.x.2]
Mar 25 22:18:28 mailserver postfix/smtpd[3590]: disconnect from unknown[10.x.x.2]
Mar 25 22:18:29 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39117 to [10.x.x.2]:25
Mar 25 22:18:29 mailserver postfix/postscreen[2297]: PASS OLD [10.x.x.2]:39117
Mar 25 22:18:29 mailserver postfix/smtpd[3659]: connect from mail.example.com[10.x.x.2]
Mar 25 22:18:29 mailserver postfix/smtpd[3659]: disconnect from mail.example.com[10.x.x.2]
Mar 25 22:18:30 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39118 to [10.x.x.2]:25
Mar 25 22:18:30 mailserver postfix/postscreen[2297]: PASS OLD [10.x.x.2]:39118
Mar 25 22:18:30 mailserver postfix/smtpd[3590]: warning: hostname mailserver.example.com does not resolve to address 10.x.x.2
Mar 25 22:18:30 mailserver postfix/smtpd[3590]: connect from unknown[10.x.50.2]
Mar 25 22:18:30 mailserver postfix/smtpd[3590]: disconnect from unknown[10.x.50.2]
Mar 25 22:18:31 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39121 to [10.x.50.2]:25
Mar 25 22:18:31 mailserver postfix/postscreen[2297]: PASS OLD [10.x.50.2]:39121
Mar 25 22:18:31 mailserver postfix/smtpd[3659]: connect from mail.example.com[10.x.50.2]
Mar 25 22:18:31 mailserver postfix/smtpd[3659]: disconnect from mail.example.com[10.x.50.2]
Mar 25 22:18:32 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39122 to [10.x.50.2]:25
Mar 25 22:18:32 mailserver postfix/postscreen[2297]: PASS OLD [10.x.50.2]:39122
Mar 25 22:18:32 mailserver postfix/smtpd[3590]: warning: hostname mailserver.example.com does not resolve to address 10.x.x.2
Mar 25 22:18:32 mailserver postfix/smtpd[3590]: connect from unknown[10.x.50.2]
Mar 25 22:18:32 mailserver postfix/smtpd[3590]: disconnect from unknown[10.x.50.2]
Doing an nslookup (to my local DNS server) on this mail host results in this:
Server: 2a02:xxx:xxx:xxx:xxx:xxx:xxx:xxx
Address: 2a02:xxx:xxx:xxx:xxx:xxx:xxx:xxx#53
Name: mailserver.example.com
Address: 10.x.50.2
I've added a line to the /etc/hosts file with the following:
10.x.50.2 mailserver.example.com mailserver
This removed 1 line from getting spammed (hostname not resolve blabla), but did not solve the rest:
Mar 25 22:18:28 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39116 to [10.x.x.2]:25
Mar 25 22:18:28 mailserver postfix/postscreen[2297]: PASS OLD [10.x.x.2]:39116
Mar 25 22:18:28 mailserver postfix/smtpd[3590]: connect from unknown[10.x.x.2]
Mar 25 22:18:28 mailserver postfix/smtpd[3590]: disconnect from unknown[10.x.x.2]
Mar 25 22:18:29 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39117 to [10.x.x.2]:25
Mar 25 22:18:29 mailserver postfix/postscreen[2297]: PASS OLD [10.x.x.2]:39117
Mar 25 22:18:29 mailserver postfix/smtpd[3659]: connect from mail.example.com[10.x.x.2]
Mar 25 22:18:29 mailserver postfix/smtpd[3659]: disconnect from mail.example.com[10.x.x.2]
Mar 25 22:18:30 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39118 to [10.x.x.2]:25
Mar 25 22:18:30 mailserver postfix/postscreen[2297]: PASS OLD [10.x.x.2]:39118
Mar 25 22:18:30 mailserver postfix/smtpd[3590]: connect from unknown[10.x.x.2]
Mar 25 22:18:30 mailserver postfix/smtpd[3590]: disconnect from unknown[10.x.x.2]
Mar 25 22:18:31 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39121 to [10.x.x.2]:25
Mar 25 22:18:31 mailserver postfix/postscreen[2297]: PASS OLD [10.x.x.2]:39121
Mar 25 22:18:31 mailserver postfix/smtpd[3659]: connect from mail.example.com[10.x.x.2]
Mar 25 22:18:31 mailserver postfix/smtpd[3659]: disconnect from mail.example.com[10.x.x.2]
Mar 25 22:18:32 mailserver postfix/postscreen[2297]: CONNECT from [10.x.x.2]:39122 to [10.x.x.2]:25
Mar 25 22:18:32 mailserver postfix/postscreen[2297]: PASS OLD [10.x.x.2]:39122
Mar 25 22:18:32 mailserver postfix/smtpd[3590]: connect from unknown[10.x.x.2]
Mar 25 22:18:32 mailserver postfix/smtpd[3590]: disconnect from unknown[10.x.x.2]
Sending mails works, but I cannot access any logs as this is obstructing my live tail -f ssh feed.
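A triage sketch for log excerpts like the ones above, added here as an example and not part of the original post or of iRedMail/Postfix: it counts postscreen CONNECTs per client/server pair, flags clients whose address equals the server address, counts smtpd sessions that disconnect without logging anything, and filters a noisy client out of a log view. The sample lines, the addresses 192.0.2.10 and 198.51.100.7, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the post's log format (reject line abridged); 192.0.2.10
# stands in for the server's own redacted address, 198.51.100.7 for a remote client.
SAMPLE = """\
Mar 25 22:18:28 mailserver postfix/postscreen[2297]: CONNECT from [192.0.2.10]:39116 to [192.0.2.10]:25
Mar 25 22:18:28 mailserver postfix/postscreen[2297]: PASS OLD [192.0.2.10]:39116
Mar 25 22:18:28 mailserver postfix/smtpd[3590]: connect from unknown[192.0.2.10]
Mar 25 22:18:28 mailserver postfix/smtpd[3590]: disconnect from unknown[192.0.2.10]
Mar 25 22:18:29 mailserver postfix/postscreen[2297]: CONNECT from [192.0.2.10]:39117 to [192.0.2.10]:25
Mar 25 22:18:29 mailserver postfix/postscreen[2297]: PASS OLD [192.0.2.10]:39117
Mar 25 22:18:29 mailserver postfix/smtpd[3659]: connect from mail.example.com[192.0.2.10]
Mar 25 22:18:29 mailserver postfix/smtpd[3659]: disconnect from mail.example.com[192.0.2.10]
Mar 25 22:18:30 mailserver postfix/postscreen[2297]: CONNECT from [198.51.100.7]:50312 to [192.0.2.10]:25
Mar 25 22:18:30 mailserver postfix/postscreen[2297]: PASS NEW [198.51.100.7]:50312
Mar 25 22:18:30 mailserver postfix/smtpd[3590]: connect from unknown[198.51.100.7]
Mar 25 22:18:31 mailserver postfix/smtpd[3590]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Relay access denied
Mar 25 22:18:31 mailserver postfix/smtpd[3590]: disconnect from unknown[198.51.100.7]
""".splitlines()

CONNECT = re.compile(r"postfix/postscreen\[\d+\]: CONNECT from \[([^\]]+)\]:\d+ to \[([^\]]+)\]:\d+")
SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (connect|disconnect) from \S*?\[([^\]]+)\]")
OTHER = re.compile(r"postfix/smtpd\[(\d+)\]: ")

def summarize(lines):
    """Return (CONNECT count per (client, server) pair, count per client of smtpd
    sessions with nothing logged between connect and disconnect, self-connecting clients)."""
    connects, idle, pending = Counter(), Counter(), {}
    for line in lines:
        if m := CONNECT.search(line):
            connects[m.groups()] += 1
        elif m := SMTPD.search(line):
            pid, event, ip = m.groups()
            if event == "connect":
                pending[pid] = ip              # session open, nothing seen yet
            elif pending.pop(pid, None) == ip:
                idle[ip] += 1                  # disconnect with no activity in between
        elif m := OTHER.search(line):
            pending.pop(m.group(1), None)      # any other smtpd line counts as activity
    self_src = {client for client, server in connects if client == server}
    return connects, idle, self_src

def drop_clients(lines, ips):
    """Keep only lines whose client address is not in ips, for a readable log view."""
    pat = re.compile(r"(?:from \S*|PASS \w+ )\[(?:%s)\]" % "|".join(map(re.escape, ips)))
    return [line for line in lines if not pat.search(line)]
```

A client that appears in both the idle-session count and the self-connecting set is a process on the mail host itself opening port 25 and closing it without speaking SMTP.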