Hello all, I'm running the postfix-sasl-3.5.8,1 pkg on FreeBSD 12.2-RELEASE-p4 GENERIC
Yesterday I plugged my public IP into the mxtoolbox diags page and my logs recorded this: Mar 21 14:50:35 postfix/postscreen[3804]: CONNECT from [18.205.72.90]:43471 to [192.168.11.2]:25 Mar 21 14:50:41 postfix/postscreen[3804]: PASS NEW [18.205.72.90]:43471 Mar 21 14:50:43 postfix/smtpd[3806]: connect from keeper-us-east-1c.mxtoolbox.com[18.205.72.90] Mar 21 14:50:45 postfix/cleanup[3810]: 05625DF30B: message-id=<[email protected]> Mar 21 14:50:45 postfix/qmgr[735]: 05625DF30B: from=<[email protected]>, size=233, nrcpt=1 (queue active) Mar 21 14:50:45 postfix/smtp[3811]: Trusted TLS connection established to mail.aussiebroadband.com.au[121.200.0.25]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Mar 21 14:50:46 postfix/smtp[3811]: 05625DF30B: to=<[email protected]>, relay=mail.aussiebroadband.com.au[121.200.0.25]:25, delay=1.1, delays=0.01/0.02/0.99/0.03, dsn=2.1.5, status=deliverable (250 2.1.5 Ok) Mar 21 14:50:46 postfix/qmgr[735]: 05625DF30B: removed Mar 21 14:50:48 postfix/smtpd[3806]: NOQUEUE: reject: RCPT from keeper-us-east-1c.mxtoolbox.com[18.205.72.90]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<keeper-us-east-1c.mxtoolbox.com> Mar 21 14:50:48 postfix/smtpd[3806]: disconnect from keeper-us-east-1c.mxtoolbox.com[18.205.72.90] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4 The relay was rejected but I've never seen an attempted relay generate a probe to my ISP's mail server before. Just curious as to how/why this probe would happen. Something wrong in my configuration? Many thanks, Phil # postconf -nf address_verify_negative_expire_time = 1d alias_database = hash:/etc/mail/aliases alias_maps = hash:/etc/mail/aliases bounce_queue_lifetime = 0s compatibility_level = 2 default_process_limit = 100 disable_vrfy_command = yes header_checks = pcre:/usr/local/etc/postfix/header_check header_size_limit = 1024000 inet_interfaces = 192.168.11.2 inet_protocols = ipv4 local_recipient_maps = message_size_limit = 30000000 myhostname = postfix.pjb.cc mynetworks_style = subnet notify_classes = postscreen_access_list = permit_mynetworks, cidr:/usr/local/etc/postfix/cal_cidr postscreen_blacklist_action = enforce postscreen_cache_map = btree:/var/db/postfix/postscreen_cache postscreen_cache_retention_time = 90d postscreen_disable_vrfy_command = yes postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = zen.spamhaus.org*2 postscreen_dnsbl_threshold = 2 postscreen_dnsbl_whitelist_threshold = -1 postscreen_greet_action = enforce relay_domains = pjb.cc relayhost = mail.aussiebroadband.com.au smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/usr/local/etc/postfix/mail.abb.com.au smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_tls_security_options = noanonymous smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt smtp_tls_loglevel = 1 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_scache smtpd_client_connection_count_limit = 20 smtpd_client_connection_rate_limit = 60 smtpd_client_restrictions = permit_mynetworks, check_client_access cidr:/usr/local/etc/postfix/cal_cidr, reject_unknown_client_hostname, reject_unauth_pipelining, permit smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/usr/local/etc/postfix/helo_check, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, warn_if_reject reject_unknown_helo_hostname permit smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, permit smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination, permit smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, permit soft_bounce = no strict_rfc821_envelopes = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/usr/local/etc/postfix/transport unverified_recipient_reject_code = 550
