Package: logwatch Version: 7.3.6-1 Severity: wishlist In order of decreasing relative frequency in my most-recent logwatch mails for a couple machines running postfix 2.3.8-2+b1, the following messages end up in the "Unmatched" section:
Jan 16 08:47:43 shemp postfix/smtpd[12615]: NOQUEUE: reject: CONNECT from adsl-76-202-86-126.dsl.wlfrct.sbcglobal.net[76.202.86.126]: 554 5.7.1 Service unavailable; Client host [76.202.86.126] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=76.202.86.126; proto=SMTP This happens for both HELO and EHLO: Jan 16 10:29:40 shemp postfix/smtpd[15257]: NOQUEUE: reject: EHLO from bzq-79-180-70-141.red.bezeqint.net[79.180.70.141]: 504 5.5.2 <server-469d1a99>: Helo command rejected: need fully-qualified hostname; proto=SMTP helo=<server-469d1a99> Jan 16 07:04:59 shemp postfix/smtpd[7774]: NOQUEUE: reject: MAIL from cutter.com[72.3.229.218]: 450 4.1.8 <[EMAIL PROTECTED]>: Sender address rejected: Domain not found; from=<[EMAIL PROTECTED]> proto=ESMTP helo=<cutter.com> Jan 16 04:24:58 shemp postfix/smtpd[1114]: NOQUEUE: reject: CONNECT from mx2.exocticvacationstothetropics.info[67.90.84.75]: 554 5.7.1 Service unavailable; Client host [67.90.84.75] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/SBL/sbl.lasso?query=SBL57441; proto=SMTP This happens for both SMTP and ESMTP: Jan 16 01:14:39 shemp postfix/smtpd[26472]: NOQUEUE: reject: MAIL from 234.241.48.60.kmr02-home.tm.net.my[60.48.241.234]: 550 5.1.0 <[EMAIL PROTECTED]>: Sender address rejected: User unknown in relay recipient table; from=<[EMAIL PROTECTED]> proto=SMTP helo=<234.241.48.60.kmr02-home.tm.net.my> On a different machine, with postfix 2.4.6-4 and reject_unknown_client_hostname, there's also: Jan 16 23:09:00 moe postfix/smtpd[21269]: NOQUEUE: reject: CONNECT from unknown[216.70.141.250]: 450 4.7.1 Client host rejected: cannot find your hostname, [216.70.141.250]; proto=SMTP as well as: Jan 16 05:51:34 moe postfix/smtpd[25194]: NOQUEUE: reject: HELO from 59-112-83-91.dynamic.hinet.net[59.112.83.91]: 554 5.7.1 <204.13.10.227>: Helo command rejected: Invalid hostname (204.13.10.227); proto=SMTP helo=<204.13.10.227> There's also a few of these, although it's really not clear to me how postfix can conceivably not know the IP address of a client host, so I think logwatch can reasonably continue to not handle this case. Jan 16 04:39:09 moe postfix/smtpd[16379]: NOQUEUE: reject: CONNECT from unknown[unknown]: 450 4.7.1 Client host rejected: cannot find your hostname, [unknown]; proto=SMTP -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
