I captured some traffic and this appears to be how xymon does its smtp check. It sends EHLO and QUIT without waiting for a response to the former. So its just annoying.
OTOH, this could get flagged as abusive by an IDS. Fail2ban on the external gateway server (not where I first noticed it) is configured to ban for this kind of pipelining.
On 8/9/19 7:59 AM, Stephen Carville (xymon list) wrote:
How does XYMon send mail?
I am seeing several of these kinds of messages in /var/log/maillog on the mail server (scamail01) but no corresponding errors in /var/log/maillog on the xymon (rcaxymon01) server.? This doesn't seem right.
Aug? 9 07:21:41 scamail01 postfix/smtpd[32480]: connect from rcaxymon01.lereta.net[10.212.2.27]
Aug? 9 07:21:41 scamail01 postfix/smtpd[32480]: improper command pipelining after EHLO from rcaxymon01.lereta.net[10.212.2.27]
Aug? 9 07:21:41 scamail01 postfix/smtpd[32480]: disconnect from rcaxymon01.lereta.net[10.212.2.27]
I could turn off reject_unauth_pipelining but I'd prefer not to.
XYMon version: 4.3.29 (built from source)
Platform: CentOS Linux release 7.6.1810
Postfix version: 2.10.1
--
Stephen