Topic: Strange sequence in the Qpsmtpd log

[brianr]

Are there any qpsmtpd experts out there who can explain what is happeneing here?

Code: [Select]

@400000005581711a1c0b63d4 16566 Accepted connection 2/40 from 37.9.62.107 / no.rdns-yet.ukservers.com
@400000005581711a1c0d01e4 16566 Connection from no.rdns-yet.ukservers.com [37.9.62.107]
@400000005581711a1c245e5c 16566 tls plugin (init): ciphers: HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4
@400000005581711a1c3dddb4 16566 tls plugin (init): ciphers: HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4
@400000005581711a1cb13124 16566 tls plugin (init): ciphers: HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4
@400000005581711b1cfe89ec 16566 check_earlytalker plugin (connect): remote host said nothing spontaneous, proceeding
@400000005581711b1d0803b4 16566 check_badcountries plugin (connect): GeoIP Country: EU
@400000005581711b1d341cc4 16566 220 bjsserver.bjsystems.co.uk ESMTP
@400000005581711b1ee25964 16566 dispatching EHLO ylmf-pc
@400000005581711b1ef4c43c 16566 250-bjsystems.co.uk Hi no.rdns-yet.ukservers.com [37.9.62.107]
@400000005581711b1ef521fc 16566 250-PIPELINING
@400000005581711b1ef53584 16566 250-8BITMIME
@400000005581711b1ef57404 16566 250-SIZE 15000000
@400000005581711b1ef5b66c 16566 250 STARTTLS
@400000005581711b2012f5dc 16566 dispatching AUTH LOGIN
@400000005581711b201591d4 16566 count_unrecognized_commands plugin (unrecognized_command): Unrecognized command 'auth'
@400000005581711b2016f164 16566 500 Unrecognized command
@400000005581711b22725a0c 3815 cleaning up after 16566

In particular the lack of a "logterse" entry, which is causing the mailstats contrib to miss the sequence.

Yesterday I see to have around 400-500 of these!

Fully up to date SME8.

[warren]

Brianr  have you checked this thread

http://forums.contribs.org/index.php/topic,51433.0.html

following the info in above , I see the following re "ylmf-pc"

Code: [Select]

2015-06-18 12:34:41.681391500 16833 Accepted connection 2/40 from 87.30.109.186 / host186-109-static.30-87-b.business.telecomitalia.it
2015-06-18 12:34:41.681471500 16833 Connection from host186-109-static.30-87-b.business.telecomitalia.it [87.30.109.186]
2015-06-18 12:34:41.682651500 16833 tls plugin (init): ciphers: HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4
2015-06-18 12:34:41.684131500 16833 tls plugin (init): ciphers: HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4
2015-06-18 12:34:41.688835500 16833 tls plugin (init): ciphers: HIGH:!SSLv2:!ADH:!aNULL:!MD5:!RC4
2015-06-18 12:34:42.691528500 16833 check_earlytalker plugin (connect): remote host said nothing spontaneous, proceeding
2015-06-18 12:34:42.692937500 16833 220 wommail.dyndns.org ESMTP
2015-06-18 12:34:42.944012500 16833 dispatching EHLO ylmf-pc
2015-06-18 12:34:42.945144500 16833 logging::logterse plugin (deny): ` 87.30.109.186    host186-109-static.30-87-b.business.telecomitalia.it                              check_spamhelo  903     Sorry, I don't believe that you are ylmf-pc.    msg denied before queued
2015-06-18 12:34:42.945199500 16833 550 Sorry, I don't believe that you are ylmf-pc.
2015-06-18 12:34:42.945229500 16833 click, disconnecting


[brianr]

aha-  that is exactly it - I missed the other thread.

I'll add in the domain to badhelo and see if that fixes it..

Thanks for the heads up.

[CharlieBrady]

The lack of a logterse entry looks like a bug to me.

The reason that 'auth' is unrecognized is that 'auth' only becomes a valid command after starttls.

[Stefano]

Brianr, following Charlie's observation, could you please fill a bug about logterse's issue? TIA

Charlie, would you please take care of it (once opened)? TIA

[brianr]

http://bugs.contribs.org/show_bug.cgi?id=8952