I am getting lots of these messages in mail.log:

Apr 20 14:17:15 ns24815 postfix/smtp[31342]: certificate verification failed for tnetmx.telefonica.net[213.4.149.227]:25: untrusted issuer /C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
Apr 20 14:23:42 ns24815 postfix/smtp[31856]: certificate verification failed for mail.elventorro.net[86.109.162.127]:25: self-signed certificate

It seems that the server does not recognize the CA. Should I add those certificates? Is it something to worry about?

And what about these entries, connections without sending data:

Apr 20 14:02:06 ns24815 postfix/smtpd[29468]: lost connection after DATA (0 bytes) from cpe-98-28-208-132.woh.res.rr.com[98.28.208.132]
Apr 20 14:02:07 ns24815 postfix/smtpd[28474]: lost connection after DATA (0 bytes) from 201.22.166.174.dynamic.adsl.gvt.net.br[201.22.166.174]

Could they be spammers checking relays? Any help or comment would be appreciated. Thanks in advance.
Re TLS, see: http://www.irbs.net/internet/postfix/0804/1114.html (short version: TLS is used, the error is informational).

Re DATA errors: It is very well possible these are relay tries, and possibly succeeding (it all depends on when your Postfix gives a 4xx that this message isn't allowed). But then again, a lot of malware is very badly written, so errors in the sending process also don't seem unlikely.

Paul
Thanks a lot. So TLS is working but the certificates cannot be checked by the CA. So if I want to avoid these errors, as I understand it I should place the CAs' certs in the following location: /etc/ssl/certs.

Yes, it seems to be relay connections. Is it safe to add a new rule to fail2ban to permanently ban these IPs that are checking relays? Or is it too risky because I could ban a legitimate server with some malware on a user account? Thank you all.
If your mailserver is not abused (i.e. is not an open relay), I wouldn't mind about the logs and blocking such attempts; it's not worth the effort. If they are succeeding, you really should handle the mailserver security, by limiting the hosts you relay for or the conditions under which you do. Only ignoring the logging then is a sure way to get onto a lot of blacklists with your mailserver.

Paul
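
An added example, not part of the thread or of Postfix: a small Python triage of the three kinds of log line discussed above. It separates the outbound TLS verification notices from inbound sessions dropped after DATA, and marks which of those peers also had a relay attempt rejected. The `Relay access denied` line and the 203.0.113.9 peer are constructed, and the function and key names are this example's own.

```python
import re
from collections import Counter

# The first four lines are the ones quoted in the thread; the last two are
# constructed for illustration (203.0.113.9 is a documentation address).
SAMPLE_LOG = """\
Apr 20 14:17:15 ns24815 postfix/smtp[31342]: certificate verification failed for tnetmx.telefonica.net[213.4.149.227]:25: untrusted issuer /C=US/O=RTFM, Inc./OU=Widgets Division/CN=Test CA20010517
Apr 20 14:23:42 ns24815 postfix/smtp[31856]: certificate verification failed for mail.elventorro.net[86.109.162.127]:25: self-signed certificate
Apr 20 14:02:06 ns24815 postfix/smtpd[29468]: lost connection after DATA (0 bytes) from cpe-98-28-208-132.woh.res.rr.com[98.28.208.132]
Apr 20 14:02:07 ns24815 postfix/smtpd[28474]: lost connection after DATA (0 bytes) from 201.22.166.174.dynamic.adsl.gvt.net.br[201.22.166.174]
Apr 20 14:05:10 ns24815 postfix/smtpd[29500]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <victim@example.org>: Relay access denied; from=<a@example.net> to=<victim@example.org> proto=ESMTP helo=<x>
Apr 20 14:05:11 ns24815 postfix/smtpd[29500]: lost connection after DATA (0 bytes) from unknown[203.0.113.9]
"""

# Outbound client (postfix/smtp): peer certificate could not be verified.
TLS_FAIL = re.compile(r"postfix/smtp\[\d+\]: certificate verification failed "
                      r"for (\S+?)\[([\d.]+)\]:\d+: (.+)$")
# Inbound server (postfix/smtpd): client hung up after DATA with no content.
DROPPED = re.compile(r"postfix/smtpd\[\d+\]: lost connection after DATA "
                     r"\(0 bytes\) from \S+?\[([\d.]+)\]")
# Inbound server: a relay attempt that Postfix refused at RCPT TO.
DENIED = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
                    r"\S+?\[([\d.]+)\]: \d{3} .*Relay access denied")

def triage(log_text):
    """Group the three kinds of log line discussed in the thread by peer."""
    tls, dropped, denied = [], Counter(), Counter()
    for line in log_text.splitlines():
        m = TLS_FAIL.search(line)
        if m:
            tls.append((m.group(1), m.group(3)))
            continue
        m = DROPPED.search(line)
        if m:
            dropped[m.group(1)] += 1
            continue
        m = DENIED.search(line)
        if m:
            denied[m.group(1)] += 1
    return {
        "tls_unverified": tls,
        "dropped": dropped,
        "relay_denied": denied,
        # Dropped sessions with no logged relay rejection: not proof of
        # anything, just the peers whose sessions deserve a closer look.
        "dropped_no_reject": sorted(ip for ip in dropped if ip not in denied),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```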