Postfix log showing same error every 5 minutes


Solution 1

You don't happen to have some kind of proxy doing a check if server is alive?

e.g. haproxy with check send-proxy ?

:) This is only annoying as such with the extreme amount of logging it produces. In systemd it might be a bit more of a hassle to also cron job the log file to clean it up of any unnecessary entries.

The option is to suppress the messages via postfix but I myself haven't figured that one out yet :)

Solution 2

Two possibilities

  1. If the IP address of the client (who connects to your server) is inside your network or on the same host, then maybe some misconfigured script is trying to connect to your server.

  2. If the IP address of the client (who connects to your server) is an outside one, then maybe some script kiddies are trying to probe your server without sending anything.

Edit:

Based on your comment about the "unknown[unknown]" entry, here I post the explanation from the Postfix author himself:

The client disconnected before Postfix could ask the KERNEL for the client IP address. Either your server is too slow or the client is too impatient.


Anyway, if your server doesn't accept any email, then you should close port 25 via a firewall (e.g. IPTables) or append/modify the line (in main.cf) as follows to bind to localhost (127.0.0.1) only

inet_interfaces = 127.0.0.1
Author by

Raphael Laurent

Updated on September 18, 2022

Comments

  • Raphael Laurent
    Raphael Laurent almost 2 years

    I have an error in my mail.log (/var/log). I'm using postfix. I am only using it to send email from my web app (Python/Django) for registration (I haven't configured for inbound, the MX isn't pointing to my domain anyway).

    Every 5 minutes, the mail.log shows that :

    Jul 13 00:45:42 mydomain postfix/smtpd[5777]: connect from unknown[unknown]
    Jul 13 00:45:42 mydomain postfix/smtpd[5777]: lost connection after CONNECT from unknown[unknown]
    Jul 13 00:45:42 mydomain postfix/smtpd[5777]: disconnect from unknown[unknown]
    Jul 13 00:49:02 mydomain postfix/anvil[5779]: statistics: max connection rate 1/60s for (smtp:unknown) at Jul 13 00:45:42
    Jul 13 00:49:02 mydomain postfix/anvil[5779]: statistics: max connection count 1 for (smtp:unknown) at Jul 13 00:45:42
    Jul 13 00:49:02 mydomain postfix/anvil[5779]: statistics: max cache size 1 at Jul 13 00:45:42
    

    I believe this error is caused by 'something' trying to send an email on my machine, but I can't find what it is. I checked the cron already, nothing there.

    PS : I run on Debian, and the webserver is Apache.

  • masegaloeh
    masegaloeh almost 10 years
    @RaphaelLaurent, Ah, I thought you masked the IP Address. See my updated answer.
  • Raphael Laurent
    Raphael Laurent almost 10 years
    Thanks for the answer. I saw the explanation about the "client being too impatient". It seems I don't have the log anymore since I've put inet_interfaces = 107.0.0.1. I'm curious to understand though, it was "someone" that was trying to access my mail server and was disconnecting right after it?
  • masegaloeh
    masegaloeh almost 10 years
    As I say in the above post, maybe it is caused by some script kiddies trying to scan your server for open relay
  • Raphael Laurent
    Raphael Laurent about 9 years
    I forgot to come back and answer this question. In fact you are right, this log was created by the monitoring of my VPS provider checking every 5 minutes if the email service was running. Thank you :)
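
To tell a fixed-interval health check apart from irregular probing in this kind of log, the sketch below groups "lost connection after CONNECT" events by client and tests whether the gaps between them are regular. It is an added example, not part of the original posts; the function name `classify`, its thresholds, the assumed year and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the mail.log format quoted in the question (not real data).
SAMPLE = """\
Jul 13 00:40:42 mydomain postfix/smtpd[5701]: lost connection after CONNECT from unknown[unknown]
Jul 13 00:45:42 mydomain postfix/smtpd[5777]: connect from unknown[unknown]
Jul 13 00:45:42 mydomain postfix/smtpd[5777]: lost connection after CONNECT from unknown[unknown]
Jul 13 00:50:43 mydomain postfix/smtpd[5802]: lost connection after CONNECT from unknown[unknown]
Jul 13 00:55:42 mydomain postfix/smtpd[5840]: lost connection after CONNECT from unknown[unknown]
Jul 13 00:47:10 mydomain postfix/smtpd[5790]: lost connection after CONNECT from unknown[203.0.113.9]
Jul 13 00:47:55 mydomain postfix/smtpd[5791]: lost connection after CONNECT from unknown[203.0.113.9]
Jul 13 01:31:02 mydomain postfix/smtpd[5990]: lost connection after CONNECT from unknown[203.0.113.9]
Jul 13 01:31:05 mydomain postfix/smtpd[5991]: lost connection after CONNECT from unknown[203.0.113.9]
"""

LINE = re.compile(r"(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
                  r"lost connection after CONNECT from ([^\[\s]+)\[([^\]]+)\]")

def classify(log_text, year=2000, tolerance=0.1, min_events=4):
    """Map each client to ('periodic', period_seconds) or ('irregular', None)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.lstrip())
        if m:
            # Syslog timestamps carry no year; 'year' is an assumption.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            # All unknown[unknown] clients share one key: the address was never logged.
            seen[f"{m.group(2)}[{m.group(3)}]"].append(ts)
    result = {}
    for client, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps) if gaps else 0
        # Periodic: enough events, and every gap within 'tolerance' of the median gap.
        regular = (len(times) >= min_events and mid > 0
                   and all(abs(g - mid) <= tolerance * mid for g in gaps))
        result[client] = ("periodic", round(mid)) if regular else ("irregular", None)
    return result

if __name__ == "__main__":
    for client, verdict in classify(SAMPLE).items():
        print(client, verdict)
```

A periodic result with a round period such as 300 seconds points at a monitoring check like the one described in the last comment, while an irregular result is worth comparing against firewall logs.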