[Postfixbuch-users] Exchange -> Postfix: Lost Connection after CONNECT

Florian Kaiser fk at florian-kaiser.net
Do Jun 9 11:05:27 CEST 2011


Hallo Liste,

folgende Konstellation: Ein Exchange sammelt in einer kleinen Firma die Post
der Benutzer. Da der Exchange nur mit einer dynamischen IP und
T-DSL-Business (3000/400kbit) angebunden ist, relayed er über den Server
meines Kunden. Hier kommt es nun bei eigentlich jedem Verbindungsaufbau
meist mehrmals (aber nicht immer) zu "lost connection after
CONNECT"-Fehlern. Danach kommt die Verbindung dann meist durch, oft aber
auch erst nach dem 7,8,10ten Versuch. Hier einmal exemplarisch von vorhin
mit "nur" einem Fehlversuch.

Die kleine Firma sagt, dass wenn Sie über 1und1 relayen (haben dort wohl
auch einen Account dazu), würde alles immer reibungslos funktionieren.

Was mir aufgefallen ist, dass die kleine Firma ICMP komplett per Firewall
blockt - aber das sollte doch dann eigentlich eher Timeouts verursachen,
falls was mit der MTU nicht stimmt und keine lost connections innerhalb der
gleichen Sekunde, oder?
Was kann ich hier noch am Postfix tun? Unten einmal das Debug-Log und
postconf -n. An den Exchange komme ich momentan nicht ran, hoffe aber, dass
das zum Ende der Woche klappt. 

Das Debug-Log sieht dann so aus:
Jun  9 10:44:22 root postfix/smtpd[30647]: connect from
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]
Jun  9 10:44:22 root postfix/smtpd[30647]: match_hostname:
pXXXXXX.dip.t-dialin.net ~? 127.0.0.0/8
Jun  9 10:44:22 root postfix/smtpd[30647]: match_hostaddr: 84.191.xxx.xxx ~?
127.0.0.0/8
Jun  9 10:44:22 root postfix/smtpd[30647]: match_list_match:
pXXXXXX.dip.t-dialin.net: no match
Jun  9 10:44:22 root postfix/smtpd[30647]: match_list_match: 84.191.xxx.xxx:
no match
Jun  9 10:44:22 root postfix/smtpd[30647]: send attr request = connect
Jun  9 10:44:22 root postfix/smtpd[30647]: send attr ident =
smtp:84.191.xxx.xxx
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_fflush_some: fd 25 flush
43
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_buf_get_ready: fd 25 got
25
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
status
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: status
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute value: 0
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
count
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: count
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute value: 1
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
rate
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: rate
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute value: 1
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
(list terminator)
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: (end)
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 220 mydomainname.de ESMTP Postfix
(Debian/GNU)
Jun  9 10:44:22 root postfix/smtpd[30647]: watchdog_pat: 0x7fa547d7d6a0
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_fflush_some: fd 9 flush
52
Jun  9 10:44:22 root postfix/smtpd[30647]: smtp_get: EOF
Jun  9 10:44:22 root postfix/smtpd[30647]: match_hostname:
pXXXXXX.dip.t-dialin.net ~? 127.0.0.0/8
Jun  9 10:44:22 root postfix/smtpd[30647]: match_hostaddr: 84.191.xxx.xxx ~?
127.0.0.0/8
Jun  9 10:44:22 root postfix/smtpd[30647]: match_list_match:
pXXXXXX.dip.t-dialin.net: no match
Jun  9 10:44:22 root postfix/smtpd[30647]: match_list_match: 84.191.xxx.xxx:
no match
Jun  9 10:44:22 root postfix/smtpd[30647]: send attr request = disconnect
Jun  9 10:44:22 root postfix/smtpd[30647]: send attr ident =
smtp:84.191.xxx.xxx
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_fflush_some: fd 25 flush
46
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_buf_get_ready: fd 25 got
10
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
status
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: status
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute value: 0
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
(list terminator)
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: (end)
Jun  9 10:44:22 root postfix/smtpd[30647]: lost connection after CONNECT
from pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]
Jun  9 10:44:22 root postfix/smtpd[30647]: disconnect from
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]
Jun  9 10:44:22 root postfix/smtpd[30647]: connect from
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]
Jun  9 10:44:22 root postfix/smtpd[30647]: match_hostname:
pXXXXXX.dip.t-dialin.net ~? 127.0.0.0/8
Jun  9 10:44:22 root postfix/smtpd[30647]: match_hostaddr: 84.191.xxx.xxx ~?
127.0.0.0/8
Jun  9 10:44:22 root postfix/smtpd[30647]: match_list_match:
pXXXXXX.dip.t-dialin.net: no match
Jun  9 10:44:22 root postfix/smtpd[30647]: match_list_match: 84.191.xxx.xxx:
no match
Jun  9 10:44:22 root postfix/smtpd[30647]: send attr request = connect
Jun  9 10:44:22 root postfix/smtpd[30647]: send attr ident =
smtp:84.191.xxx.xxx
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_fflush_some: fd 25 flush
43
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_buf_get_ready: fd 25 got
25
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
status
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: status
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute value: 0
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
count
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: count
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute value: 1
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
rate
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: rate
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute value: 2
Jun  9 10:44:22 root postfix/smtpd[30647]: private/anvil: wanted attribute:
(list terminator)
Jun  9 10:44:22 root postfix/smtpd[30647]: input attribute name: (end)
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 220 myhosname.de ESMTP Postfix
(Debian/GNU)
Jun  9 10:44:22 root postfix/smtpd[30647]: watchdog_pat: 0x7fa547d7d6a0
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_fflush_some: fd 9 flush
52
Jun  9 10:44:22 root postfix/smtpd[30647]: vstream_buf_get_ready: fd 9 got
24
Jun  9 10:44:22 root postfix/smtpd[30647]: <
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: EHLO kundendomain.com
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-myhosname.de
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-PIPELINING
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-SIZE 50400000
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-VRFY
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-ETRN
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-STARTTLS
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-AUTH CRAM-MD5 PLAIN LOGIN
DIGEST-MD5
Jun  9 10:44:22 root postfix/smtpd[30647]: match_list_match:
pXXXXXX.dip.t-dialin.net: no match
Jun  9 10:44:22 root postfix/smtpd[30647]: match_list_match: 84.191.xxx.xxx:
no match
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-AUTH=CRAM-MD5 PLAIN LOGIN
DIGEST-MD5
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-ENHANCEDSTATUSCODES
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250-8BITMIME
Jun  9 10:44:22 root postfix/smtpd[30647]: >
pXXXXXX.dip.t-dialin.net[84.191.xxx.xxx]: 250 DSN

.... hier geht es dann immer ordentlich weiter und die E-Mail wird korrekt
eingeliefert.


postconf -n:
alias_maps = $alias_database
append_at_myorigin = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_level = 3
debug_peer_list = 84.191.xxx.xxx
mydestination = localhost localhost.$mydomain
mydomain = mydomainname.de
myhostname = myhostname.de
mynetworks = 127.0.0.0/8
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_restrictions = 
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/access_recipient-rfc,        check_client_access
hash:/etc/postfix/access_client,        check_helo_access
hash:/etc/postfix/access_helo,        check_sender_access
hash:/etc/postfix/access_sender,        check_recipient_access
hash:/etc/postfix/access_recipient,        reject_non_fqdn_sender,
reject_non_fqdn_recipient,        reject_unknown_sender_domain,
reject_unknown_recipient_domain,        permit_mynetworks,
permit_sasl_authenticated,        reject_unauth_destination,
reject_unlisted_recipient,        reject_unauth_pipelining,
reject_unknown_reverse_client_hostname,        reject_invalid_helo_hostname,
check_policy_service inet:127.0.0.1:12525        check_policy_service
inet:127.0.0.1:60000        permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = 
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
unknown_address_reject_code = 554
unknown_client_reject_code = 554
virtual_alias_domains = 
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_mailbox_domains =
mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_transport = maildrop


Bin für jede Hilfe dankbar.


Viele Grüße
Florian




Mehr Informationen über die Mailingliste Postfixbuch-users