[Xymon] Mail pipelining

Stephen Carville (xymon list) scarville at lereta.com
Fri Aug 9 19:03:42 CEST 2019


I captured some traffic and this appears to be how xymon does its smtp 
check.  It sends EHLO and QUIT without waiting for a response to the 
former.  So its just annoying.

OTOH, this could get flagged as abusive by an IDS.  Fail2ban on the 
external gateway server (not where I first noticed it) is configured to 
ban for this kind of pipelining.

On 8/9/19 7:59 AM, Stephen Carville (xymon list) wrote:

> How does XYMon send mail?
> 
> I am seeing several of these kinds of messages in /var/log/maillog on 
> the mail server (scamail01) but no corresponding errors in 
> /var/log/maillog on the xymon (rcaxymon01) server.  This doesn't seem 
> right.
> 
> Aug  9 07:21:41 scamail01 postfix/smtpd[32480]: connect from 
> rcaxymon01.lereta.net[10.212.2.27]
> 
> Aug  9 07:21:41 scamail01 postfix/smtpd[32480]: improper command 
> pipelining after EHLO from rcaxymon01.lereta.net[10.212.2.27]
> 
> Aug  9 07:21:41 scamail01 postfix/smtpd[32480]: disconnect from 
> rcaxymon01.lereta.net[10.212.2.27]
> 
> I could turn off reject_unauth_pipelining but I'd prefer not to.
> 
> XYMon version: 4.3.29 (built from source)
> 
> Platform: CentOS Linux release 7.6.1810
> 
> Postfix version: 2.10.1
> 
> -- 
> Stephen
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon



More information about the Xymon mailing list