I thought it would be interesting to inspect the logs of a production OpenSMTPD mail server to discover which remote SMTP servers are presenting verifiable TLS certificates.

The idea being that down the road I'll build a table of these domains and create a rule in smtpd.conf that will enforce use of TLS with verification with them.

Here's what I've been using to search the logs and build a list of qualifying domains.

sudo zgrep -A1 "Server certificate verification succeeded" /var/log/maillog.*.gz | \
grep 'to='| \
grep -iv -E "mydomain1.tld|mydomain2.tld|mydomain3.tld" | \
awk '{ print $12 }' | \
awk -F '@' '{ print $2}'| \
rev | cut -c 3- | rev | sort | uniq
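
An added example, not part of the original post: the same search keyed on the session id instead of on line adjacency, so a delivery from another session logged right after the verification message is not counted. The log layout (verification line ending in the session id, delivery line with `session=<id>,` and `to=<user@domain>,`) is an assumption inferred from the field positions the pipeline above uses; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example. Log format is assumed, sample lines are constructed.
# Usage: zcat /var/log/maillog.*.gz | verified_domains "mydomain1.tld mydomain2.tld"
verified_domains() {
    awk -v own="$1" '
    BEGIN {
        # Local domains to leave out, compared exactly (no regex dots).
        n = split(tolower(own), o, " ")
        for (i = 1; i <= n; i++) mine[o[i]] = 1
    }
    # Remember every outbound session whose peer certificate verified.
    /Server certificate verification succeeded on session/ { ok[$NF] = 1; next }
    # Delivery lines carry both session=<id>, and to=<user@domain>,
    /session=/ && /to=</ {
        sid = ""; dom = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^session=/) { sid = substr($i, 9); sub(/,$/, "", sid) }
            if ($i ~ /^to=</)     { dom = tolower($i) }
        }
        if (!(sid in ok)) next          # delivery on a session that never verified
        sub(/^.*@/, "", dom); sub(/>.*$/, "", dom)
        if (dom != "" && !(dom in mine)) print dom
    }' | sort -u
}

# Constructed sample: the line directly after the first verification message
# belongs to a different, unverified session.
sample_log() {
    cat <<'EOF'
Jan  5 10:00:01 mx smtpd[100]: smtp-out: Server certificate verification succeeded on session aaaa000000000001
Jan  5 10:00:01 mx smtpd[100]: relay: Ok for 1111aaaa: session=bbbb000000000002, from=<me@mydomain1.tld>, to=<bob@unverified.example>, rcpt=<->, source=192.0.2.1, relay=198.51.100.2 (mx.unverified.example), delay=1s, stat=Sent
Jan  5 10:00:02 mx smtpd[100]: relay: Ok for 2222bbbb: session=aaaa000000000001, from=<me@mydomain1.tld>, to=<alice@Verified.example>, rcpt=<->, source=192.0.2.1, relay=198.51.100.7 (mx.verified.example), delay=2s, stat=Sent
Jan  5 10:00:03 mx smtpd[100]: smtp-out: Server certificate verification succeeded on session cccc000000000003
Jan  5 10:00:04 mx smtpd[100]: relay: Ok for 3333cccc: session=cccc000000000003, from=<me@mydomain2.tld>, to=<carol@mydomain1.tld>, rcpt=<->, source=192.0.2.1, relay=198.51.100.9 (mx.mydomain1.tld), delay=1s, stat=Sent
EOF
}
```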
