On 2017-07-21 19:36, Werner Flamme wrote:
> Hi,
> this morning, my company's postmaster sent me an excerpt from the mail log stating that there is some software on one of my boxes that doesn't speak proper IMAP.
> 19-Jul-2017 22:38:33.49 tcp_local BS 0 rfc822; a1 LOGOUT 500 5.5.1 Unknown command "a1 LOGOUT" specified TCP|a.b.c.d|465|a.b.e.f|48270
> The thing that I find most interesting is that I do not have any entries in /var/log/mail at this time. Some minutes earlier and some minutes later there are, but not at this time. Both hosts use the same time source.
> So I guess that there is a script running on the box that reads the postfix config entry for its relayhost (postconf -h relayhost) and sends a mail all by itself. And doing so, it uses a wrong IMAP command, LOGOUT instead of QUIT.
This is not consistent. Postfix talks SMTP, not IMAP. You cannot send an email using IMAP. If someone is using IMAP, the server component would be dovecot, cyrus, or something else. Not postfix. You have to first identify which mail server component is really affected. I.e., what is "tcp_local"? Google search indicates Oracle and SMTP, so it is impossible this can be an IMAP command.

--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
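An added example, not part of the original thread or written by either poster: a Python check that scans rejection lines shaped like the excerpt above and reports peers that sent tagged IMAP commands to an SMTP listener. The regular expression covers only the fields visible in the excerpt; the port set, the function names and every sample line after the first are assumptions made for this example.

```python
import re

# Client commands from IMAP4rev1 (RFC 3501); a client sends them as "<tag> <COMMAND> ...".
IMAP_COMMANDS = {
    "CAPABILITY", "NOOP", "LOGOUT", "STARTTLS", "AUTHENTICATE", "LOGIN",
    "SELECT", "EXAMINE", "CREATE", "DELETE", "RENAME", "SUBSCRIBE",
    "UNSUBSCRIBE", "LIST", "LSUB", "STATUS", "APPEND", "CHECK", "CLOSE",
    "EXPUNGE", "SEARCH", "FETCH", "STORE", "COPY", "UID",
}
SMTP_PORTS = {"25", "465", "587"}  # assumption: ports the SMTP listener uses

# Matches only the parts of the rejection line that are visible in the thread's excerpt.
REJECT = re.compile(
    r'500 5\.5\.1 Unknown command "(?P<cmd>[^"]*)" specified\s+'
    r'TCP\|(?P<ip1>[^|\s]+)\|(?P<p1>\d+)\|(?P<ip2>[^|\s]+)\|(?P<p2>\d+)'
)

# First line is the excerpt from the thread; the other two are constructed for this example.
SAMPLE_LOG = [
    '19-Jul-2017 22:38:33.49 tcp_local BS 0 rfc822; a1 LOGOUT 500 5.5.1 Unknown command "a1 LOGOUT" specified TCP|a.b.c.d|465|a.b.e.f|48270',
    '19-Jul-2017 22:41:02.10 tcp_local BS 0 rfc822; a2 CAPABILITY 500 5.5.1 Unknown command "a2 CAPABILITY" specified TCP|192.0.2.10|25|198.51.100.7|51514',
    '19-Jul-2017 22:43:17.88 tcp_local BS 0 rfc822; GET / HTTP/1.1 500 5.5.1 Unknown command "GET / HTTP/1.1" specified TCP|192.0.2.10|25|198.51.100.9|40022',
]

def classify(command):
    """Return 'imap' when the rejected text looks like '<tag> <IMAP command>'."""
    parts = command.split()
    if len(parts) >= 2 and parts[1].upper() in IMAP_COMMANDS:
        return "imap"
    return "other"

def find_imap_on_smtp(lines):
    """List rejected IMAP-style commands that arrived on an SMTP port."""
    hits = []
    for line in lines:
        m = REJECT.search(line)
        if not m or classify(m["cmd"]) != "imap":
            continue
        ends = [(m["ip1"], m["p1"]), (m["ip2"], m["p2"])]
        # The endpoint on a known SMTP port is taken to be the listener.
        listener = next((e for e in ends if e[1] in SMTP_PORTS), None)
        if listener is None:
            continue
        peer = ends[1] if listener is ends[0] else ends[0]
        hits.append({"command": m["cmd"], "listener": listener, "peer": peer})
    return hits

if __name__ == "__main__":
    for hit in find_imap_on_smtp(SAMPLE_LOG):
        print("IMAP-style command %(command)r from %(peer)s to %(listener)s" % hit)
```

The peer address and source port it reports are what to look up on the sending host when tracing which process opened the connection.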