The problem occurs on my mail server, which apart from that works perfectly. Clients can connect via IMAP and Postfix receives and sends out emails without any hassle.

Installed software:

```
$> dpkg --list
ii  postfix                         3.1.12-0+deb9u1        amd64
ii  dovecot-core                    1:2.2.27-3+deb9u5      amd64
ii  dovecot-imapd                   1:2.2.27-3+deb9u5      amd64
```

I get the following error message every minute (and as I'm monitoring log files, this is driving me crazy, as I get an alert every time because of the "syscall failed" in my monitoring system):

```
Nov 27 18:30:17 localhost dovecot: imap-login:
   Disconnected (no auth attempts in 0 secs):
   user=<>, rip=127.0.0.1, lip=127.0.0.1,
   TLS handshaking: SSL_accept() syscall failed: Success,
   session=<lMywWVeYJpZ/AAAB>
```

As we can see the user field is empty and the request comes from localhost. Now I'm trying to debug my system and my questions are:

  • Has anyone experienced the same problem? Is it really some application residing on the same machine that is trying to connect, or is something else causing this log message?
  • How can I find out which application is trying to connect?

Any help is much appreciated!

EDIT:

The log messages exactly before the aforementioned error message:

```
Nov 27 18:30:17 localhost postfix/postscreen[29370]: CONNECT from [127.0.0.1]:50844 to [127.0.0.1]:25
Nov 27 18:30:17 localhost postfix/postscreen[29370]: WHITELISTED [127.0.0.1]:50844
Nov 27 18:30:17 localhost postfix/smtpd[13455]: connect from localhost[127.0.0.1]
Nov 27 18:30:17 localhost postfix/smtpd[13455]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 27 18:30:17 localhost postfix/smtpd[13455]: disconnect from localhost[127.0.0.1] commands=0/0
Nov 27 18:30:17 localhost postfix/submission/smtpd[15222]: connect from localhost[127.0.0.1]
Nov 27 18:30:17 localhost postfix/submission/smtpd[15222]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 27 18:30:17 localhost postfix/submission/smtpd[15222]: disconnect from localhost[127.0.0.1] commands=0/0
```
manifestor
  • Is it really every minute? Always? – Lenniey Nov 28 '19 at 13:54
  • @Lenniey yes Sir, it is in fact every minute – manifestor Nov 28 '19 at 13:55
  • Are you using any monitoring software? – Lenniey Nov 28 '19 at 13:56
  • @Lenniey yes Zabbix - it's checking my logs for strings like `fail` and reporting to me. That's why this log message is very annoying. I just switched the agent off and the messages stopped appearing in the log files - you helped me!)) Now I'm a step further, I need to find out why the Zabbix agent is connecting this way, because on the old mail server I had a Zabbix agent as well and there was no such issue. – manifestor Nov 28 '19 at 14:29
  • This looks like something is monitoring whether connections to smtpd/imapd etc. are possible, i.e. that the services are available. This is generally a good thing, but you need to ignore such messages in your log scans. – wurtel Nov 28 '19 at 15:58
  • It's no issue, it's probably the SMTP service check of zabbix, or some 3rd party template for postfix or something. Check the items/templates in your host for anything like that. – Lenniey Nov 28 '19 at 22:32
  • @wurtel - yes it was indeed the port 25 and port 587 checks from the zabbix agent. I moved the mail server from one machine to another and the strange thing is that on the old machine those checks worked just fine, without those errors in my syslog. Now I'm trying to figure out why it does not show the same results as on the old machine. Anyway, thank you very much for your help Gentlemen! – manifestor Nov 29 '19 at 13:33
  • add a "ps aux" please –  Dec 01 '19 at 20:17
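
The comments above recommend ignoring these probe messages in log scans. The following is an added example, not part of the original thread, of doing that narrowly: it suppresses only the loopback, zero-auth-attempt Dovecot signature from the question, keeps alerting on every other line containing `fail`, and checks that the suppressed lines arrive on a one-minute schedule. The function names, the regex, the `year` default and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Bare TCP connect-and-close against Dovecot: loopback peer, empty user,
# no auth attempts. Matching is deliberately tight so remote events still alert.
DOVECOT_PROBE = re.compile(
    r"dovecot: imap-login: Disconnected \(no auth attempts in [0-2] secs\): "
    r"user=<>, rip=(127\.0\.0\.1|::1), .*SSL_accept\(\) syscall failed")
ALERT = re.compile(r"fail", re.IGNORECASE)  # the string the log monitor scans for


def triage(lines, year=2019):
    """Return (probe_times, alerts): local probe timestamps vs. lines to report."""
    probes, alerts = [], []
    for line in lines:
        if not ALERT.search(line):
            continue  # the monitor would not have fired on this line anyway
        if DOVECOT_PROBE.search(line):
            # syslog timestamps carry no year, so one is supplied (assumption)
            probes.append(datetime.strptime(f"{year} {line[:15]}",
                                            "%Y %b %d %H:%M:%S"))
        else:
            alerts.append(line)
    return probes, alerts


def is_periodic(times, period=60, jitter=5):
    """True when every gap between consecutive probes is period +/- jitter seconds."""
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return bool(gaps) and all(abs(g - period) <= jitter for g in gaps)


PROBE = ("localhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): "
         "user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: "
         "SSL_accept() syscall failed: Success, session=<CONSTRUCTED>")
SAMPLE = [  # constructed lines in the format shown in the question
    "Nov 27 18:30:17 " + PROBE,
    "Nov 27 18:30:17 localhost postfix/smtpd[13455]: lost connection after CONNECT from localhost[127.0.0.1]",
    "Nov 27 18:31:17 " + PROBE,
    "Nov 27 18:32:18 " + PROBE,
    # Same error from a remote address (documentation range): must still alert.
    "Nov 27 18:32:40 " + PROBE.replace("rip=127.0.0.1", "rip=203.0.113.9"),
    "Nov 27 18:33:02 localhost dovecot: imap-login: Disconnected (auth failed, 3 attempts in 12 secs): "
    "user=<alice>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10, TLS, session=<CONSTRUCTED>",
]

if __name__ == "__main__":
    probe_times, to_report = triage(SAMPLE)
    print(len(probe_times), "local probes, periodic:", is_periodic(probe_times))
    print(*to_report, sep="\n")
```

If `is_periodic` returns false for lines that match the probe signature, the connections are not coming from a scheduled service check and the source process is worth identifying before suppressing anything.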
