On 2018-08-30 at 12:27 +0200, Mark Elkins via Exim-dev wrote:
> What this is telling me is someone at 157.0.116.189 is making
> connections to my mail server - presumably to see if they can detect the
> accounts of users on my machine?

This really belongs on exim-users, not exim-dev (bcc'd) because it's not
about the development of Exim itself.

What else do the logs show? It could just be network reliability issues
or dumb clients which don't send QUIT and instead just drop connections.

The following not-enabled-by-default `log_selector` options might be of
interest:

    smtp_connection               incoming SMTP connections
    smtp_incomplete_transaction   incomplete SMTP transactions
    smtp_no_mail                  session with no MAIL commands
    smtp_protocol_error           SMTP protocol errors
    smtp_syntax_error             SMTP syntax errors

E.g., `smtp_no_mail` will add a log-line for connections which are ended
without an SMTP mail transaction. Thus my monitoring probes for DANE
log (censored):

    2018-09-03 00:09:00 [19598]
      no MAIL in SMTP connection from XYZ (smtpdane.invalid) [2001:db8::1]:35490
      I=[2001:db8::2]:25 D=0s
      X=TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256 CV=no SNI="mx.spodhuis.org"
      C=EHLO,STARTTLS,EHLO,QUIT

Without more detail, you can't assert what the cause or reason for
non-QUIT connections might be.
-Phil
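
Added example, not part of the message above: once `smtp_no_mail` is enabled, a short Python script can summarise those log lines per remote address, showing how many sessions ended without QUIT and which command sequences were seen. The sample lines are constructed in the shape of the entry quoted above, and `summarise` and `SAMPLE_LOG` are names chosen for this illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the shape of the smtp_no_mail entry quoted above
# (documentation addresses only; not taken from any real log).
SAMPLE_LOG = """\
2018-09-03 00:09:00 [19598] no MAIL in SMTP connection from XYZ (smtpdane.invalid) [2001:db8::1]:35490 I=[2001:db8::2]:25 D=0s X=TLSv1.2:ECDHE-RSA-CHACHA20-POLY1305:256 CV=no SNI="mx.spodhuis.org" C=EHLO,STARTTLS,EHLO,QUIT
2018-09-03 00:10:12 [19601] no MAIL in SMTP connection from [192.0.2.7]:40112 I=[192.0.2.1]:25 D=30s C=EHLO
2018-09-03 00:11:40 [19604] no MAIL in SMTP connection from [192.0.2.7]:40388 I=[192.0.2.1]:25 D=31s C=EHLO
2018-09-03 00:12:01 [19610] <= user@example.org H=(client.example) [192.0.2.9]:5000 P=esmtp S=1234
"""

NO_MAIL = re.compile(
    r"no MAIL in SMTP connection from (?:(?P<host>.*?) )?"  # optional name/HELO
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\](?::\d+)?(?=\s|$)"          # remote address, optional port
    r"(?:.*?\sC=(?P<cmds>\S+))?"                            # command history, if logged
)


def summarise(log_text):
    """Return {remote_ip: {"sessions": n, "no_quit": n, "sequences": Counter}}."""
    stats = defaultdict(lambda: {"sessions": 0, "no_quit": 0, "sequences": Counter()})
    for line in log_text.splitlines():
        m = NO_MAIL.search(line)
        if not m:
            continue  # some other kind of log line
        cmds = m.group("cmds") or ""
        entry = stats[m.group("ip")]
        entry["sessions"] += 1
        entry["sequences"][cmds] += 1
        # A session whose last recorded command is not QUIT was dropped,
        # timed out, or closed by a client that never said goodbye.
        if cmds.split(",")[-1] != "QUIT":
            entry["no_quit"] += 1
    return dict(stats)


if __name__ == "__main__":
    for ip, s in summarise(SAMPLE_LOG).items():
        print(ip, s["sessions"], "sessions,", s["no_quit"], "without QUIT,",
              dict(s["sequences"]))
```

The counts only describe what happened on the wire; as the message says, they do not by themselves establish why a client disconnected.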