1

I know that postfix/smtpd is for incoming mails, smtp for outgoing mails. But I do see in my logfile several entries with postfix/smtps/smtpd. What is this for?

Feb 22 10:57:55 mx postfix/smtps/smtpd[XXXX]: lost connection after EHLO from XXXX[XXXX]
Feb 22 10:57:55 mx postfix/smtps/smtpd[XXXX]: disconnect from XXXX[XXXX] ehlo=1 commands=1
Feb 22 11:07:27 mx postfix/smtps/smtpd[XXXX]: warning: hostname XXXX does not resolve to address XXXX
Feb 22 11:07:27 mx postfix/smtps/smtpd[XXXX]: connect from unknown[XXXX]
Feb 22 11:07:30 mx postfix/smtps/smtpd[XXXX]: SSL_accept error from unknown[XXXX]: lost connection
Feb 22 11:07:30 mx postfix/smtps/smtpd[XXXX]: lost connection after CONNECT from unknown[XXXX]
Feb 22 11:07:30 mx postfix/smtps/smtpd[XXXX]: disconnect from unknown[XXXX] commands=0/0
Feb 22 11:18:22 mx postfix/smtps/smtpd[XXXX]: SSL_accept error from unknown[XXXX]: -1
Feb 22 11:18:22 mx postfix/smtps/smtpd[XXXX]: warning: TLS library problem: error:0A00010B:SSL routines::wrong version number:../ssl/record/ssl3_record.c:354:
Feb 22 11:18:22 mx postfix/smtps/smtpd[XXXX]: lost connection after CONNECT from unknown[XXXX]
Feb 22 11:18:22 mx postfix/smtps/smtpd[XXXX]: disconnect from unknown[XXXX] commands=0/0
Feb 22 11:53:13 mx postfix/smtps/smtpd[XXXX]: connect from unknown[XXXX]
0

2 Answers 2

Reset to default
3

postfix/smtps/smtpd is the combination of:

  • postfix/smtps handles encrypted incoming mail connections (port 465) used for secure email submission (SMTPS).
  • postfix/smtpd is the underlying server that handles both encrypted and unencrypted incoming mail connections (port 25 for unencrypted). You'll see this daemon in your logs for all incoming mail activities, including successful connections, disconnections, errors, and EHLO commands.

In your log example:

  • The first two lines refer to a successful connection, EHLO command exchange, and disconnection from an unknown sender which involves smtpd for receiving the email.
  • The remaining lines all involve unsuccessful connection attempts from unknown senders with SSL/TLS errors. These fall under smtps (for handling secure connections) but likely involve smtpd (for receiving email) as well.
1
  • postfix is the mailer software. smtps is the protocol running on port 465. smtpd is the actual underlying server that answers when a smtps connection on port 465 comes a knocking. Otherwise everything above is correct as far as detail.
    – Ronald Johnson
    Commented Jun 13 at 2:59
-1

You're maybe familiar with the difference between http:// and https:// as the protocol for HTTP requests. https:// is used for HTTP connections that are encrypted with TLS (in earlier days, with SSL).

In a similar fashion, you can put TLS "on top" of SMTP. That's then called SMTPS. The log entries you're seeing are connected to that. Another indication is that some relevant keywords pop up in the log messages, like "SSL_accept" or "TLS library problem".

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .