Page 1 of 1

What's this in my zimbra.log

Posted: Sat Sep 19, 2020 2:29 pm
by tutek
I have many statements (every each 2 seconds) in my zimbra.log file like this:

Code: Select all

Sep 19 16:16:03 zimbra2 postfix/postscreen[42904]: CONNECT from [192.168.1.20]:33300 to [192.168.1.14]:25
Sep 19 16:16:03 zimbra2 postfix/postscreen[42904]: WHITELISTED [192.168.1.20]:33300
Sep 19 16:16:03 zimbra2 postfix/smtpd[45342]: connect from sec.mydomain.local[192.168.1.20]
Sep 19 16:16:03 zimbra2 postfix/smtpd[45342]: lost connection after EHLO from sec.mydomain.local[192.168.1.20]
Sep 19 16:16:03 zimbra2 postfix/smtpd[45342]: disconnect from sec.mydomain.local[192.168.1.20] ehlo=0/1 commands=0/1
Sep 19 16:16:05 zimbra2 postfix/postscreen[42904]: CONNECT from [192.168.1.20]:33302 to [192.168.1.14]:25
Sep 19 16:16:05 zimbra2 postfix/postscreen[42904]: WHITELISTED [192.168.1.20]:33302
Sep 19 16:16:05 zimbra2 postfix/smtpd[45342]: connect from sec.mydomain.local[192.168.1.20]
Sep 19 16:16:05 zimbra2 postfix/smtpd[45342]: lost connection after EHLO from sec.mydomain.local[192.168.1.20]
Sep 19 16:16:05 zimbra2 postfix/smtpd[45342]: disconnect from sec.mydomain.local[192.168.1.20] ehlo=0/1 commands=0/1


192.168.1.20 is my security email gateway that forward incoming emails to zimbra 192.168.1.14
What is this, what to do to remove this from my zimbra.log?

Re: What's this in my zimbra.log

Posted: Sat Sep 19, 2020 6:11 pm
by DualBoot
Hello,

I think it is some bots testing your mail server connection.

Regards,

Re: What's this in my zimbra.log

Posted: Sun Sep 20, 2020 9:11 am
by tutek
How? my zimbra server is not facing internet, only my security email gateway is,
and this connection from log is beetween two lan devices.

Re: What's this in my zimbra.log

Posted: Mon Sep 21, 2020 8:47 am
by DualBoot
one possibility is that your edge MTA forward external smtp connection or maybe your edege MTA is probing your backend server.

Re: What's this in my zimbra.log

Posted: Mon Sep 21, 2020 8:52 am
by phoenix
It might provide a clue if we knew what your "security email gateway " actually is.

Re: What's this in my zimbra.log

Posted: Tue Sep 22, 2020 4:47 pm
by tutek
This is Fortimail