On 11 December 2016 at 09:12, John Fawcett <j...@voipsupport.it> wrote: > On 12/11/2016 10:00 AM, Dominic Raferd wrote: >> On 11 December 2016 at 08:43, John Fawcett <j...@voipsupport.it> wrote: >>> On 12/11/2016 09:25 AM, Dominic Raferd wrote: >>>> In general my postfix mail server is working well, it is receiving >>>> emails with optional STARTTLS. But I am occasionally seeing an error >>>> message like this in the log: >>>> >>>> 2016-12-11 00:32:19 dl1 postfix/smtpd[13665]: SSL_accept error from >>>> unknown[14.215.156.100]: lost connection >>>> >>>> The connection giving rise to the error is never from one of our >>>> machines/users. Should I be worried about it? Does it indicate some >>>> bad configuration on my side? >>>> >>>> Dominic >>> Dominic >>> >>> it would help if you posted your configuration. >>> I suspect that you have the smtps service configured in master.cf. If >>> anyone is using it, it should be only your own users, so errors from >>> unrecognised ips will not be a problem and are probably not for any >>> legitimate reason. If you don't need the smtps service, you should >>> consider commenting it out completely in master.cf. >>> John >>> >> Thanks John for your quick reply. I don't have any smtps configured in >> master.cf, I only have smtp port (25) open and I allow opportunistic >> TLS (which I require before authentication [for which I use dovecot]) >> i.e. STARTTLS. So any senders can use TLS if they want. I guess that I >> should just ignore these errors from unknown ips as they don't >> indicate a security problem on my side? > > If you are able to receive encrypted email in general then I would > > ignore them unless there is any other sign of a problem > > (like users saying they cannot connect or people saying they are > > not receiving email). > > John >
Thanks John, I have now filtered my error-message-checking cron job so that when these are 'from unknown' they will be ignored and I can stop worrying about them.
