What's this in my zimbra.log

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
tutek
Posts: 18
Joined: Sat Jun 03, 2017 4:51 pm

What's this in my zimbra.log

Postby tutek » Sat Sep 19, 2020 2:29 pm

I have many statements (every each 2 seconds) in my zimbra.log file like this:

Code: Select all

Sep 19 16:16:03 zimbra2 postfix/postscreen[42904]: CONNECT from [192.168.1.20]:33300 to [192.168.1.14]:25
Sep 19 16:16:03 zimbra2 postfix/postscreen[42904]: WHITELISTED [192.168.1.20]:33300
Sep 19 16:16:03 zimbra2 postfix/smtpd[45342]: connect from sec.mydomain.local[192.168.1.20]
Sep 19 16:16:03 zimbra2 postfix/smtpd[45342]: lost connection after EHLO from sec.mydomain.local[192.168.1.20]
Sep 19 16:16:03 zimbra2 postfix/smtpd[45342]: disconnect from sec.mydomain.local[192.168.1.20] ehlo=0/1 commands=0/1
Sep 19 16:16:05 zimbra2 postfix/postscreen[42904]: CONNECT from [192.168.1.20]:33302 to [192.168.1.14]:25
Sep 19 16:16:05 zimbra2 postfix/postscreen[42904]: WHITELISTED [192.168.1.20]:33302
Sep 19 16:16:05 zimbra2 postfix/smtpd[45342]: connect from sec.mydomain.local[192.168.1.20]
Sep 19 16:16:05 zimbra2 postfix/smtpd[45342]: lost connection after EHLO from sec.mydomain.local[192.168.1.20]
Sep 19 16:16:05 zimbra2 postfix/smtpd[45342]: disconnect from sec.mydomain.local[192.168.1.20] ehlo=0/1 commands=0/1


192.168.1.20 is my security email gateway that forward incoming emails to zimbra 192.168.1.14
What is this, what to do to remove this from my zimbra.log?


User avatar
DualBoot
Elite member
Elite member
Posts: 1308
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: What's this in my zimbra.log

Postby DualBoot » Sat Sep 19, 2020 6:11 pm

Hello,

I think it is some bots testing your mail server connection.

Regards,
tutek
Posts: 18
Joined: Sat Jun 03, 2017 4:51 pm

Re: What's this in my zimbra.log

Postby tutek » Sun Sep 20, 2020 9:11 am

How? my zimbra server is not facing internet, only my security email gateway is,
and this connection from log is beetween two lan devices.
User avatar
DualBoot
Elite member
Elite member
Posts: 1308
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: What's this in my zimbra.log

Postby DualBoot » Mon Sep 21, 2020 8:47 am

one possibility is that your edge MTA forward external smtp connection or maybe your edege MTA is probing your backend server.
phoenix
Ambassador
Ambassador
Posts: 26711
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: What's this in my zimbra.log

Postby phoenix » Mon Sep 21, 2020 8:52 am

It might provide a clue if we knew what your "security email gateway " actually is.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
tutek
Posts: 18
Joined: Sat Jun 03, 2017 4:51 pm

Re: What's this in my zimbra.log

Postby tutek » Tue Sep 22, 2020 4:47 pm

This is Fortimail

Return to “Administrators”

Who is online

Users browsing this forum: Bing [Bot] and 22 guests