On Tue, Dec 24, 2024 at 12:50:04PM +0100, Dirk Stöcker via Postfix-users wrote:
> > Postfix logs TLS status details before it logs delivery status details.
>
> ...
>
> > With plaintext delivery, that first line will not be logged.
>
> I know.
>
> > In both cases the logging shows the SMTP client process name and
> > process ID, and the remote SMTP server name, IP address, and port.
> > With all thath information, there should be no confusion about which
> > TLS status line belongs with which delivery status line.
>
> That's not what I search for.
The "collate" script included with Postfix source is perfectly capable
of reporting this.
# tail -n1000000 /var/log/postfix/log |
perl /root/collate |
perl -ne '
BEGIN {$/="\n\n"}
next unless m{postfix/smtpd};
next unless m{postfix/qmgr};
print if m{Anonymous TLS connection established}
' | grep -c '^$'
9874
# tail -n1000000 /var/log/postfix/log |
perl /root/collate |
perl -ne '
BEGIN {$/="\n\n"}
next unless m{postfix/smtpd};
next unless m{postfix/qmgr};
print unless m{Anonymous TLS connection established}
' | grep -c '^$'
105
So inbound on my server the last 1,000,000 log entries have ~1% non-TLS
traffic actually accepted (the queue manager processed a message).
As for outbound:
# tail -n10000000 /var/log/postfix/log |
perl /root/collate |
perl -ne '
BEGIN {$/="\n\n"}
next unless m{postfix/qmgr};
next unless m{postfix/smtp\[};
print if m{TLS connection established}
' | grep -c '^$'
1998
# tail -n10000000 /var/log/postfix/log |
perl /root/collate |
perl -ne '
BEGIN {$/="\n\n"}
next unless m{postfix/qmgr};
next unless m{postfix/smtp\[};
print unless m{TLS connection established}
' | grep -c '^$'
8
I send ~0.4% non-TLS.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
