[CentOS] New Server and noticing these maillog postfix entries: What to do about them?

Sun Nov 21 21:36:18 UTC 2021
Jay Hart <jhart at kevla.org>

> Am 21.11.2021 um 19:54 schrieb Jay Hart:
>> I just stood up a new server running C8 stream, postfix, SA, etc.
>>
>> I keep seeing these log entries in maillog and wonder what to do about them. I have not been able to find any research documents
>> detailing if this is a problem nor how to prevent it. Any documentation I have seen via web searches talks about configuration issues
>> with spamass-milter. This to me looks like hackers. I get the same four lines over and over again from different IP addresses and the
>> pid/socket/id number (26579 in this instance) are always linked. The number is different for each query/probe.
>
> The issue has nothing to do with what you call "hackers". The cause is a
> misconfiguration on your side: take the error message literally. You have
> Postfix configured to make use of the spamass milter every time another
> system connects to the smtp daemon.
>
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: connect from unknown[141.98.10.140]
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: warning: connect to Milter service unix:/run/spamass-milter/spamass-milter.sock: Permission denied
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: discarding EHLO keywords: CHUNKING
>> Nov 21 11:56:57 dream postfix/smtpd[26579]: disconnect from unknown[141.98.10.140] ehlo=1 auth=0/1 quit=1 commands=2/3
>>
>> What can I try to do to eliminate this?  Other than taking up resources I'm not seeing anything else in the logs to show a problem.
>> Should I be concerned?
>>
>> Research has now shown that Red Hat/CentOS may have changed the default postfix setting. I do see the following parameter set:
>> smtpd_discard_ehlo_keywords = chunking
>
> You are totally on the wrong track.
>
>> Sounds like I need to add/set this as 'silent-discard' pseudo keyword to prevent this action from being logged.
>
> Wrong.
>
>> Thanks in advance on your help and advice!
>
> Run "postconf -n" and see where you have defined the spamass milter.
> Check whether the spamass milter is really running and that the socket
> is available under /run/spamass-milter/spamass-milter.sock. Given that it
> is there because the milter runs and has created its socket under that path,
> check the permissions (Unix permissions and SELinux context) of the
> socket and the full path.
> Once the root cause is fixed your Postfix will work again as configured.
>

[root@dream spamassassin]# postconf -n |grep milter
milter_default_action = accept
milter_protocol = 6
non_smtpd_milters = $smtpd_milters
smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock

[root@dream spamassassin]# ls -al /var/run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock

Two things:
1. Should the 'smtpd_milters' path be /var/run... vice unix:/run...?

2. I just noticed I have two spamass-milter sockets running:

[root@dream spamass-milter]# ls -al /var/run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock

[root@dream spamass-milter]# ls -al /run/spamass-milter/spamass-milter.sock
srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /run/spamass-milter/spamass-milter.sock

[root@dream share]# ss -l |grep spam
u_str LISTEN 0      128    /run/spamass-milter/spamass-milter.sock 185043

[root@dream share]# ss -pl |grep spam
u_str LISTEN 0      128    /run/spamass-milter/spamass-milter.sock 185043    * 0        users:(("spamass-milter",pid=16657,fd=4))
u_dgr UNCONN 0      0      * 198745 * 14567    users:(("spamd child",pid=17925,fd=4),("spamd child",pid=17924,fd=4),("spamd",pid=17891,fd=4))
u_dgr UNCONN 0      0      * 185042 * 14567    users:(("spamass-milter",pid=16657,fd=3))
tcp   LISTEN 0      128    127.0.0.1:783  0.0.0.0:*    users:(("spamd child",pid=17925,fd=6),("spamd child",pid=17924,fd=6),("spamd",pid=17891,fd=6))
tcp   LISTEN 0      128    [::1]:783      [::]:*       users:(("spamd child",pid=17925,fd=5),("spamd child",pid=17924,fd=5),("spamd",pid=17891,fd=5))

Been hunting around in the configs trying to determine why I've got two processes running... Still looking into this.

Thanks,

Jay

>> Jay
>
> Alexander
>
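The check Alexander describes (is the socket there, and can the daemon that logs the warning actually open it?) can be scripted. The following is an added example written for this page; it is not code from the thread, from Postfix or from spamass-milter. It assumes Postfix's smtpd runs as the unprivileged user named `postfix` (Postfix's default `mail_owner`), and it relies on two facts: connecting to a unix-domain socket requires write permission on the socket inode, and on systemd-based distributions `/var/run` is normally a symlink to `/run` (the script resolves the path with `readlink -f` rather than assuming that). The `unix:` in `smtpd_milters = unix:/run/...` is Postfix's transport prefix for a local socket, not part of the filesystem path, so `postconf -n` is not where the `/run` versus `/var/run` question is decided.

```shell
#!/bin/sh
# Added example (not from the thread): can the user Postfix's smtpd runs as
# connect to a milter's unix socket? connect() on a unix-domain socket needs
# write permission on the socket inode, so a socket listed as
#   srwxr-xr-x sa-milt sa-milt
# is unusable by user 'postfix' unless postfix owns it, is in group sa-milt
# and the socket is g+w, or the socket is o+w.
# The user name 'postfix' (Postfix's default mail_owner) is an assumption.

# has_write_bit MODE POS: true when character POS of an ls/stat mode string
# such as "srwxr-xr-x" is 'w'. Owner write is position 3, group 6, other 9.
has_write_bit() {
    [ "$(printf '%s' "$1" | cut -c"$2")" = w ]
}

# socket_writable MODE OWNER GROUP USER "GROUP LIST OF USER"
# Returns 0 if USER can write (and so connect), 1 if not, 2 if MODE is not
# a socket at all.
socket_writable() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    case $mode in
        s*) ;;
        *)  return 2 ;;   # regular file, directory, ...: not a listening socket
    esac
    if [ "$user" = "$owner" ]; then
        if has_write_bit "$mode" 3; then return 0; fi
        return 1
    fi
    for g in $user_groups; do
        if [ "$g" = "$group" ]; then
            if has_write_bit "$mode" 6; then return 0; fi
            return 1
        fi
    done
    if has_write_bit "$mode" 9; then return 0; fi
    return 1
}

# check_milter_socket PATH [USER]: live check on a real system (needs root or
# read access to the socket directory). The path is resolved first, so a
# /var/run/... and /run/... pair that is really one file is reported once.
# The SELinux context is printed as well, because an SELinux denial on the
# connect also surfaces as "Permission denied" in the Postfix warning.
check_milter_socket() {
    sock=$1 user=${2:-postfix}
    real=$(readlink -f "$sock") || return 2
    if [ ! -S "$real" ]; then
        echo "no unix socket at $sock (resolved: $real); is the milter running?"
        return 2
    fi
    set -- $(stat -c '%A %U %G' "$real")   # GNU stat: mode owner group
    if socket_writable "$1" "$2" "$3" "$user" "$(id -Gn "$user")"; then
        echo "$user can connect to $real ($1 $2:$3)"
    else
        echo "$user cannot connect to $real ($1 $2:$3)"
        echo "  fix: put $user in group $3 and make the socket g+w, then re-check"
        echo "  if the warning persists: ls -Z $real; ausearch -m AVC -ts recent"
        return 1
    fi
    ls -Z "$real"
}

# Usage on the server from the thread:
#   check_milter_socket /run/spamass-milter/spamass-milter.sock postfix
```

Run against the socket from the thread, the mode `srwxr-xr-x` with owner and group `sa-milt` gives no write bit to a `postfix` user that is neither owner nor group member, which is exactly the "Permission denied" Postfix logs on every inbound connection. The usual remedy is to make the socket group-writable and put `postfix` in that group (spamass-milter has a `-g group` option for the socket group on the builds I know of; confirm with `man spamass-milter` on your version). Only after the Unix permissions pass and the warning persists is it worth looking at SELinux with `ls -Z` and the audit log. The `/var/run` and `/run` listings in the thread show the same inode metadata, which is what you would expect when one is a symlink to the other; `readlink -f` on both paths settles it.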