Dear Wietse Venema,
> > I have done the tcpdump I see that Postfix exchange some information and in > the maillog, I have turned the -v option on, I Don't see traces of the > communication 14:38 from the fast.it domain in the maillog, I see traces > in the maillog of the internal 192.168.100.52 server. Should the postfix not > log more if mail are transportet? > > I should be able to rule out the firewall as I see traffic from out side to > the Postfix server via the TCPDump. > > Below, log from TCPDump and Maillog in the same periode. > > /Klaus > > > > > I have done the tcpdump, I see that following: > > 14:38:44.219883 IP aa002msb.fastweb.it.39302 > mail.lasertech.eu.smtp: > Flags [S], seq 3107215080, win 5840, options [mss 1380,sackOK,TS val > 3715764708 ecr 0,nop,wscale 7], length 0 > 14:38:44.219914 IP mail.lasertech.eu.smtp > aa002msb.fastweb.it.39302: > Flags [S.], seq 1052123465, ack 3107215081, win 65535, options [mss > 1380,nop,wscale 3,sackOK,TS val 4267997552 ecr 3715764708], length 0 > 14:38:47.219863 IP mail.lasertech.eu.smtp > aa002msb.fastweb.it.39302: > Flags [S.], seq 1052123465, ack 3107215081, win 65535, options [mss > 1380,nop,wscale 3,sackOK,TS val 4267997552 ecr 3715764708], length 0 > 14:38:47.221565 IP aa002msb.fastweb.it.39302 > mail.lasertech.eu.smtp: > Flags [S], seq 3107215080, win 5840, options [mss 1380,sackOK,TS val > 3715765458 ecr 0,nop,wscale 7], length 0 > 14:38:47.221582 IP mail.lasertech.eu.smtp > aa002msb.fastweb.it.39302: > Flags [S.], seq 1052123465, ack 3107215081, win 65535, options [mss > 1380,nop,wscale 3,sackOK,TS val 4267997552 ecr 3715765458], length 0 > 14:38:50.220855 IP mail.lasertech.eu.smtp > aa002msb.fastweb.it.39302: > Flags [S.], seq 1052123465, ack 3107215081, win 65535, options [mss > 1380,nop,wscale 3,sackOK,TS val 4267997552 ecr 3715765458], length 0 > 14:38:53.221849 IP aa002msb.fastweb.it.39302 > mail.lasertech.eu.smtp: > Flags [S], seq 3107215080, win 5840, options [mss 1380,sackOK,TS val > 3715766958 ecr 0,nop,wscale 7], length 0 > 14:38:53.221876 IP mail.lasertech.eu.smtp > aa002msb.fastweb.it.39302: > Flags [S.], seq 1052123465, ack 3107215081, win 65535, options [mss > 1380,nop,wscale 3,sackOK,TS val 4267997552 ecr 3715766958], length 0 > 14:38:56.221869 IP mail.lasertech.eu.smtp > aa002msb.fastweb.it.39302: > Flags [S.], seq 1052123465, ack 3107215081, win 65535, options [mss > 1380,nop,wscale 3,sackOK,TS val 4267997552 ecr 3715766958], length 0 > 14:39:02.221881 IP mail.lasertech.eu.smtp > aa002msb.fastweb.it.39302: > Flags [S.], seq 1052123465, ack 3107215081, win 65535, options [mss > 1380,nop,wscale 3,sackOK,TS val 4267997552 ecr 3715766958], length 0 > 14:39:14.221909 IP mail.lasertech.eu.smtp > aa002msb.fastweb.it.39302: > Flags [S.], seq 1052123465, ack 3107215081, win 65535, options [mss > 1380,nop,wscale 3,sackOK,TS val 4267997552 ecr 3715766958], length 0 > 14:45:45.022909 IP backup01.lasertech.eu.33884 > mail.lasertech.eu.smtp: > Flags [S], seq 1082491096, win 65535, options [mss 1460,sackOK,eol], length > 0 > 14:45:45.022936 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.33884: > Flags [S.], seq 2020426729, ack 1082491097, win 65535, options [mss > 1460,sackOK,eol], length 0 > 14:45:45.023776 IP backup01.lasertech.eu.33884 > mail.lasertech.eu.smtp: > Flags [.], ack 1, win 65535, length 0 > 14:45:45.039429 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.33884: > Flags [P.], ack 1, win 65535, length 37 > 14:45:45.040374 IP backup01.lasertech.eu.33884 > mail.lasertech.eu.smtp: > Flags [P.], ack 38, win 65535, length 28 > 14:45:45.040441 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.33884: > Flags [P.], ack 29, win 65535, length 23 > 14:45:45.041276 IP backup01.lasertech.eu.33884 > mail.lasertech.eu.smtp: > Flags [P.], ack 61, win 65535, length 6 > 14:45:45.041361 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.33884: > Flags [P.], ack 35, win 65535, length 15 > 14:45:45.041369 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.33884: > Flags [F.], seq 76, ack 35, win 65535, length 0 > 14:45:45.042852 IP backup01.lasertech.eu.33884 > mail.lasertech.eu.smtp: > Flags [F.], seq 35, ack 76, win 65535, length 0 > 14:45:45.042868 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.33884: > Flags [F.], seq 76, ack 36, win 65535, length 0 > 14:45:45.043993 IP backup01.lasertech.eu.33884 > mail.lasertech.eu.smtp: > Flags [.], ack 77, win 88, length 0 > 14:55:45.114330 IP backup01.lasertech.eu.57827 > mail.lasertech.eu.smtp: > Flags [S], seq 3906189564, win 65535, options [mss 1460,sackOK,eol], length > 0 > 14:55:45.114380 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.57827: > Flags [S.], seq 2654839137, ack 3906189565, win 65535, options [mss > 1460,sackOK,eol], length 0 > 14:55:45.115168 IP backup01.lasertech.eu.57827 > mail.lasertech.eu.smtp: > Flags [.], ack 1, win 65535, length 0 > 14:55:45.130944 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.57827: > Flags [P.], ack 1, win 65535, length 37 > 14:55:45.131860 IP backup01.lasertech.eu.57827 > mail.lasertech.eu.smtp: > Flags [P.], ack 38, win 65535, length 28 > 14:55:45.131923 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.57827: > Flags [P.], ack 29, win 65535, length 23 > 14:55:45.132748 IP backup01.lasertech.eu.57827 > mail.lasertech.eu.smtp: > Flags [P.], ack 61, win 65535, length 6 > 14:55:45.132833 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.57827: > Flags [P.], ack 35, win 65535, length 15 > 14:55:45.132841 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.57827: > Flags [F.], seq 76, ack 35, win 65535, length 0 > 14:55:45.133891 IP backup01.lasertech.eu.57827 > mail.lasertech.eu.smtp: > Flags [F.], seq 35, ack 76, win 65535, length 0 > 14:55:45.133907 IP mail.lasertech.eu.smtp > backup01.lasertech.eu.57827: > Flags [F.], seq 76, ack 36, win 65535, length 0 > 14:55:45.134720 IP backup01.lasertech.eu.57827 > mail.lasertech.eu.smtp: > Flags [.], ack 77, win 88, length 0 > > and in the maillog: > Jul 11 14:45:45 : input attribute value: > gDWcLwTJ7LO5d1H4VnnJXsuY82Lysne6TopRu7rgczA= > Jul 11 14:45:45 : private/tlsmgr: wanted attribute: (list terminator) > Jul 11 14:45:45 : input attribute name: (end) > Jul 11 14:45:45 : name_mask: CVE-2005-2969 > Jul 11 14:45:45 : name_mask: CVE-2010-4180 > Jul 11 14:45:45 : send attr request = policy > Jul 11 14:45:45 : send attr cache_type = smtpd > Jul 11 14:45:45 : private/tlsmgr: wanted attribute: status > Jul 11 14:45:45 : input attribute name: status > Jul 11 14:45:45 : input attribute value: 0 > Jul 11 14:45:45 : private/tlsmgr: wanted attribute: cachable > Jul 11 14:45:45 : input attribute name: cachable > Jul 11 14:45:45 : input attribute value: 0 > Jul 11 14:45:45 : private/tlsmgr: wanted attribute: (list terminator) > Jul 11 14:45:45 : input attribute name: (end) > Jul 11 14:45:45 : match_string: fast_flush_domains ~? debug_peer_list > Jul 11 14:45:45 : match_string: fast_flush_domains ~? fast_flush_domains > Jul 11 14:45:45 : auto_clnt_create: transport=local endpoint=private/anvil > Jul 11 14:45:45 : connection established > Jul 11 14:45:45 : master_notify: status 0 > Jul 11 14:45:45 : name_mask: resource > Jul 11 14:45:45 : name_mask: software > Jul 11 14:45:45 : connect from backup01.lasertech.eu[192.168.100.52] > Jul 11 14:45:45 : match_list_match: backup01.lasertech.eu: no match > Jul 11 14:45:45 : match_list_match: 192.168.100.52: no match > Jul 11 14:45:45 : match_list_match: backup01.lasertech.eu: no match > Jul 11 14:45:45 : match_list_match: 192.168.100.52: no match > Jul 11 14:45:45 : match_hostname: backup01.lasertech.eu ~? > 192.168.10.0/24 > Jul 11 14:45:45 : match_hostaddr: 192.168.100.52 ~? 192.168.10.0/24 > Jul 11 14:45:45 : match_hostname: backup01.lasertech.eu ~? 127.0.0.0/8 > Jul 11 14:45:45 : match_hostaddr: 192.168.100.52 ~? 127.0.0.0/8 > Jul 11 14:45:45 : match_hostname: backup01.lasertech.eu ~? > 192.168.100.0/24 > Jul 11 14:45:45 : match_hostaddr: 192.168.100.52 ~? 192.168.100.0/24 > Jul 11 14:45:45 : > backup01.lasertech.eu[192.168.100.52]: 220 > mail.lasertech.eu ESMTP Postfix > Jul 11 14:45:45 : xsasl_dovecot_server_create: SASL service=smtp, realm= > mail.lasertech.eu > Jul 11 14:45:45 : name_mask: noanonymous > Jul 11 14:45:45 : xsasl_dovecot_server_connect: Connecting > Jul 11 14:45:45 : xsasl_dovecot_server_connect: auth reply: > MECH?PLAIN?plaintext > Jul 11 14:45:45 : name_mask: plaintext > Jul 11 14:45:45 : xsasl_dovecot_server_connect: auth reply: > MECH?LOGIN?plaintext > Jul 11 14:45:45 : name_mask: plaintext > Jul 11 14:45:45 : xsasl_dovecot_server_connect: auth reply: VERSION?1?0 > Jul 11 14:45:45 : xsasl_dovecot_server_connect: auth reply: SPID?1092 > Jul 11 14:45:45 : xsasl_dovecot_server_connect: auth reply: CUID?110 > Jul 11 14:45:45 : xsasl_dovecot_server_connect: auth reply: DONE > Jul 11 14:45:45 : xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN > Jul 11 14:45:45 : xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN > Jul 11 14:45:45 : < backup01.lasertech.eu[192.168.100.52]: HELO > backup01.lasertech.eu > Jul 11 14:45:45 : > backup01.lasertech.eu[192.168.100.52]: 250 > mail.lasertech.eu > Jul 11 14:45:45 : < backup01.lasertech.eu[192.168.100.52]: QUIT > Jul 11 14:45:45 : > backup01.lasertech.eu[192.168.100.52]: 221 2.0.0 Bye > Jul 11 14:45:45 : match_hostname: backup01.lasertech.eu ~? > 192.168.10.0/24 > Jul 11 14:45:45 : match_hostaddr: 192.168.100.52 ~? 192.168.10.0/24 > Jul 11 14:45:45 : match_hostname: backup01.lasertech.eu ~? 127.0.0.0/8 > Jul 11 14:45:45 : match_hostaddr: 192.168.100.52 ~? 127.0.0.0/8 > Jul 11 14:45:45 : match_hostname: backup01.lasertech.eu ~? > 192.168.100.0/24 > Jul 11 14:45:45 : match_hostaddr: 192.168.100.52 ~? 192.168.100.0/24 > Jul 11 14:45:45 : disconnect from backup01.lasertech.eu[192.168.100.52] > Jul 11 14:45:45 : master_notify: status 1 > Jul 11 14:45:45 : connection closed > Jul 11 14:45:50 : proxymap stream disconnect > Jul 11 14:45:50 : auto_clnt_close: disconnect private/tlsmgr stream > Jul 11 14:47:25 : idle timeout -- exiting >
