> On 21.11.2021 at 19:54, Jay Hart wrote:
>> I just stood up a new server running C8 stream, postfix, SA, etc.
>>
>> I keep seeing these log entries in maillog and wonder what to do about them. I
>> have not been able to find any research documents detailing if this is a
>> problem nor how to prevent. Any documentation I have seen via web searches
>> talks about configuration issues with spamass-milter. This to me looks like
>> hackers. I get the same four lines over and over again from different IP
>> addresses and the pid/socket/id number (26579 in this instance) are always
>> linked. The number is different for each query/probe.
>
> The issue has nothing to do with what you call "hackers". The cause is a
> misconfiguration on your side: take the error message literally. You have
> Postfix configured to make use of the spamass milter, every time another
> system connects to the smtp daemon.
>
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: connect from unknown[141.98.10.140]
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: warning: connect to Milter service unix:/run/spamass-milter/spamass-milter.sock: Permission denied
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: discarding EHLO keywords: CHUNKING
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: disconnect from unknown[141.98.10.140] ehlo=1 auth=0/1 quit=1 commands=2/3
>>
>> What can I try to do to eliminate this? Other than taking up resources I'm
>> not seeing anything else in the logs to show a problem.
>> Should I be concerned?
>>
>> Research has now shown that Redhat/Centos may have changed the default
>> postfix setting. I do see the following parameter set:
>> smtpd_discard_ehlo_keywords = chunking
>
> You are totally on the wrong track.
>
>> Sounds like I need to add/set this as 'silent-discard' pseudo keyword to
>> prevent this action from being logged.
>
> Wrong.
>
>> Thanks in advance on your help and advice!
>
> Run "postconf -n" and see where you have defined the spamass milter.
> Check whether the spamass milter is really running and that the socket
> is available under /run/spamass-milter/spamass-milter.sock. Given it is
> because the milter runs and has created its socket under that path,
> check the permissions (unix permissions and SELinux context) of the
> socket and the full path.
> Once the root cause is fixed your Postfix will work again as configured.
>
[root@dream spamassassin]# postconf -n |grep milter
milter_default_action = accept
milter_protocol = 6
non_smtpd_milters = $smtpd_milters
smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock
[root@dream spamassassin]# ls -al /var/run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock

Two things:

1. Should the 'smtpd_milters' path be /var/run... vice unix:/run...?
2. I just noticed I have two spamass-milter sockets running:

[root@dream spamass-milter]# ls -al /var/run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock
[root@dream spamass-milter]# ls -al /run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /run/spamass-milter/spamass-milter.sock
[root@dream share]# ss -l |grep spam
u_str LISTEN 0 128 /run/spamass-milter/spamass-milter.sock 185043
[root@dream share]# ss -pl |grep spam
u_str LISTEN 0 128 /run/spamass-milter/spamass-milter.sock 185043 * 0 users:(("spamass-milter",pid=16657,fd=4))
u_dgr UNCONN 0 0 * 198745 * 14567 users:(("spamd child",pid=17925,fd=4),("spamd child",pid=17924,fd=4),("spamd",pid=17891,fd=4))
u_dgr UNCONN 0 0 * 185042 * 14567 users:(("spamass-milter",pid=16657,fd=3))
tcp LISTEN 0 128 127.0.0.1:783 0.0.0.0:* users:(("spamd child",pid=17925,fd=6),("spamd child",pid=17924,fd=6),("spamd",pid=17891,fd=6))
tcp LISTEN 0 128 [::1]:783 [::]:* users:(("spamd child",pid=17925,fd=5),("spamd child",pid=17924,fd=5),("spamd",pid=17891,fd=5))

Been hunting around in the configs trying to determine why I got two processes
running... Still looking into this.
Thanks,
Jay
>> Jay
>
> Alexander
_______________________________________________
CentOS mailing list
[email protected]
https://lists.centos.org/mailman/listinfo/centos
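
The unix-permission part of the check suggested in the thread (the socket and every directory on its path), as an added example that is not part of the original messages. It reads mode bits with GNU `stat` and names the first component a given uid and group list cannot search or, for the socket itself, cannot write to, since connecting to a unix socket on Linux needs write permission on the socket file. The function names and the `postfix` account in the usage comment are assumptions; SELinux context and ACLs are not evaluated.

```shell
#!/bin/bash
# Added example (not from the thread). Assumes GNU stat; ignores SELinux and ACLs.

# perm_digit MODE OWNER_UID OWNER_GID UID "GID ..." -> rwx digit (0-7) that
# applies to UID: owner class first, then group, then other.
perm_digit() {
    local m=$(( 0$1 )) g
    if [ "$4" -eq "$2" ]; then echo $(( (m >> 6) & 7 )); return; fi
    for g in $5; do
        if [ "$g" -eq "$3" ]; then echo $(( (m >> 3) & 7 )); return; fi
    done
    echo $(( m & 7 ))
}

# check_path PATH UID "GID ..." [NEED]
# Walks from the top-most ancestor down. Directories need search (x = 1);
# the final component needs write (w = 2), which is what connect() on a unix
# socket requires. Prints the first blocking component and returns 1.
check_path() {
    local p=$1 uid=$2 gids=$3 need=${4:-2} parent mode ou og d
    [ "$uid" -eq 0 ] && return 0                 # root bypasses mode bits
    parent=$(dirname "$p")
    if [ "$parent" != "$p" ]; then
        check_path "$parent" "$uid" "$gids" 1 || return 1
    fi
    [ -e "$p" ] || { echo "MISSING $p"; return 1; }
    # -L follows symlinks so a linked directory reports the real directory's mode
    mode=$(stat -L -c %a "$p") ou=$(stat -L -c %u "$p") og=$(stat -L -c %g "$p")
    d=$(perm_digit "$mode" "$ou" "$og" "$uid" "$gids")
    if [ $(( d & need )) -eq 0 ]; then
        echo "DENIED at $p (mode $mode, owner $ou:$og, needs bit $need)"
        return 1
    fi
    return 0
}

# Usage (the account name is an assumption; use the user your smtpd runs as):
#   bash milter-perm.sh /run/spamass-milter/spamass-milter.sock postfix
if [ $# -ge 2 ]; then
    check_path "$1" "$(id -u "$2")" "$(id -G "$2")" \
        && echo "mode bits allow $2 to connect to $1"
fi
```

Against the listing in the thread (srwxr-xr-x, owner sa-milt:sa-milt), any account that is neither sa-milt nor in the sa-milt group falls into the "other" class and has no write bit on the socket.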